4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
46 #include "rfc1002pdu.h"
50 #define RFC1001_PORT 139
52 extern void SMBNTencrypt(unsigned char *passwd
, unsigned char *c8
,
55 extern mempool_t
*cifs_req_poolp
;
63 char *in6_addr
; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset
; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name
[16]; /* netbios name of client */
66 char target_rfc1001_name
[16]; /* netbios name of server for Win9x/ME */
80 bool no_psx_acl
:1; /* set if posix acl support should be disabled */
82 bool no_xattr
:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino
:1; /* use inode numbers from server ie UniqueId */
85 bool remap
:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths
:1; /* unset to not ask for posix pathnames. */
89 bool nullauth
:1; /* attempt to authenticate with null user */
90 bool nocase
:1; /* request case insensitive filenames */
91 bool nobrl
:1; /* disable sending byte range locks to srv */
92 bool seal
:1; /* request transport encryption on share */
93 bool nodfs
:1; /* Do not request DFS, even if available */
94 bool local_lease
:1; /* check leases only on local system, not remote */
100 unsigned short int port
;
104 static int ipv4_connect(struct sockaddr_in
*psin_server
,
105 struct socket
**csocket
,
107 char *server_netb_name
,
109 bool nosndbuf
); /* ipv6 never set sndbuf size */
110 static int ipv6_connect(struct sockaddr_in6
*psin_server
,
111 struct socket
**csocket
, bool noblocksnd
);
115 * cifs tcp session reconnection
117 * mark tcp session as reconnecting so temporarily locked
118 * mark all smb sessions as reconnecting for tcp session
119 * reconnect tcp session
120 * wake up waiters on reconnection? - (not needed currently)
124 cifs_reconnect(struct TCP_Server_Info
*server
)
127 struct list_head
*tmp
;
128 struct cifsSesInfo
*ses
;
129 struct cifsTconInfo
*tcon
;
130 struct mid_q_entry
*mid_entry
;
132 spin_lock(&GlobalMid_Lock
);
133 if (server
->tcpStatus
== CifsExiting
) {
134 /* the demux thread will exit normally
135 next time through the loop */
136 spin_unlock(&GlobalMid_Lock
);
139 server
->tcpStatus
= CifsNeedReconnect
;
140 spin_unlock(&GlobalMid_Lock
);
143 cFYI(1, ("Reconnecting tcp session"));
145 /* before reconnecting the tcp session, mark the smb session (uid)
146 and the tid bad so they are not used until reconnected */
147 read_lock(&cifs_tcp_ses_lock
);
148 list_for_each(tmp
, &server
->smb_ses_list
) {
149 ses
= list_entry(tmp
, struct cifsSesInfo
, smb_ses_list
);
150 ses
->need_reconnect
= true;
153 read_unlock(&cifs_tcp_ses_lock
);
154 list_for_each(tmp
, &GlobalTreeConnectionList
) {
155 tcon
= list_entry(tmp
, struct cifsTconInfo
, cifsConnectionList
);
156 if ((tcon
->ses
) && (tcon
->ses
->server
== server
))
157 tcon
->need_reconnect
= true;
159 /* do not want to be sending data on a socket we are freeing */
160 down(&server
->tcpSem
);
161 if (server
->ssocket
) {
162 cFYI(1, ("State: 0x%x Flags: 0x%lx", server
->ssocket
->state
,
163 server
->ssocket
->flags
));
164 kernel_sock_shutdown(server
->ssocket
, SHUT_WR
);
165 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
166 server
->ssocket
->state
,
167 server
->ssocket
->flags
));
168 sock_release(server
->ssocket
);
169 server
->ssocket
= NULL
;
172 spin_lock(&GlobalMid_Lock
);
173 list_for_each(tmp
, &server
->pending_mid_q
) {
174 mid_entry
= list_entry(tmp
, struct
177 if (mid_entry
->midState
== MID_REQUEST_SUBMITTED
) {
178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
182 mid_entry
->midState
= MID_RETRY_NEEDED
;
185 spin_unlock(&GlobalMid_Lock
);
188 while ((server
->tcpStatus
!= CifsExiting
) &&
189 (server
->tcpStatus
!= CifsGood
)) {
191 if (server
->addr
.sockAddr6
.sin6_family
== AF_INET6
) {
192 rc
= ipv6_connect(&server
->addr
.sockAddr6
,
193 &server
->ssocket
, server
->noautotune
);
195 rc
= ipv4_connect(&server
->addr
.sockAddr
,
197 server
->workstation_RFC1001_name
,
198 server
->server_RFC1001_name
,
199 server
->noblocksnd
, server
->noautotune
);
202 cFYI(1, ("reconnect error %d", rc
));
205 atomic_inc(&tcpSesReconnectCount
);
206 spin_lock(&GlobalMid_Lock
);
207 if (server
->tcpStatus
!= CifsExiting
)
208 server
->tcpStatus
= CifsGood
;
209 server
->sequence_number
= 0;
210 spin_unlock(&GlobalMid_Lock
);
211 /* atomic_set(&server->inFlight,0);*/
212 wake_up(&server
->response_q
);
220 0 not a transact2, or all data present
221 >0 transact2 with that much data missing
222 -EINVAL = invalid transact2
225 static int check2ndT2(struct smb_hdr
*pSMB
, unsigned int maxBufSize
)
227 struct smb_t2_rsp
*pSMBt
;
229 int data_in_this_rsp
;
232 if (pSMB
->Command
!= SMB_COM_TRANSACTION2
)
235 /* check for plausible wct, bcc and t2 data and parm sizes */
236 /* check for parm and data offset going beyond end of smb */
237 if (pSMB
->WordCount
!= 10) { /* coalesce_t2 depends on this */
238 cFYI(1, ("invalid transact2 word count"));
242 pSMBt
= (struct smb_t2_rsp
*)pSMB
;
244 total_data_size
= le16_to_cpu(pSMBt
->t2_rsp
.TotalDataCount
);
245 data_in_this_rsp
= le16_to_cpu(pSMBt
->t2_rsp
.DataCount
);
247 remaining
= total_data_size
- data_in_this_rsp
;
251 else if (remaining
< 0) {
252 cFYI(1, ("total data %d smaller than data in frame %d",
253 total_data_size
, data_in_this_rsp
));
256 cFYI(1, ("missing %d bytes from transact2, check next response",
258 if (total_data_size
> maxBufSize
) {
259 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
260 total_data_size
, maxBufSize
));
267 static int coalesce_t2(struct smb_hdr
*psecond
, struct smb_hdr
*pTargetSMB
)
269 struct smb_t2_rsp
*pSMB2
= (struct smb_t2_rsp
*)psecond
;
270 struct smb_t2_rsp
*pSMBt
= (struct smb_t2_rsp
*)pTargetSMB
;
275 char *data_area_of_target
;
276 char *data_area_of_buf2
;
279 total_data_size
= le16_to_cpu(pSMBt
->t2_rsp
.TotalDataCount
);
281 if (total_data_size
!= le16_to_cpu(pSMB2
->t2_rsp
.TotalDataCount
)) {
282 cFYI(1, ("total data size of primary and secondary t2 differ"));
285 total_in_buf
= le16_to_cpu(pSMBt
->t2_rsp
.DataCount
);
287 remaining
= total_data_size
- total_in_buf
;
292 if (remaining
== 0) /* nothing to do, ignore */
295 total_in_buf2
= le16_to_cpu(pSMB2
->t2_rsp
.DataCount
);
296 if (remaining
< total_in_buf2
) {
297 cFYI(1, ("transact2 2nd response contains too much data"));
300 /* find end of first SMB data area */
301 data_area_of_target
= (char *)&pSMBt
->hdr
.Protocol
+
302 le16_to_cpu(pSMBt
->t2_rsp
.DataOffset
);
303 /* validate target area */
305 data_area_of_buf2
= (char *) &pSMB2
->hdr
.Protocol
+
306 le16_to_cpu(pSMB2
->t2_rsp
.DataOffset
);
308 data_area_of_target
+= total_in_buf
;
310 /* copy second buffer into end of first buffer */
311 memcpy(data_area_of_target
, data_area_of_buf2
, total_in_buf2
);
312 total_in_buf
+= total_in_buf2
;
313 pSMBt
->t2_rsp
.DataCount
= cpu_to_le16(total_in_buf
);
314 byte_count
= le16_to_cpu(BCC_LE(pTargetSMB
));
315 byte_count
+= total_in_buf2
;
316 BCC_LE(pTargetSMB
) = cpu_to_le16(byte_count
);
318 byte_count
= pTargetSMB
->smb_buf_length
;
319 byte_count
+= total_in_buf2
;
321 /* BB also add check that we are not beyond maximum buffer size */
323 pTargetSMB
->smb_buf_length
= byte_count
;
325 if (remaining
== total_in_buf2
) {
326 cFYI(1, ("found the last secondary response"));
327 return 0; /* we are done */
328 } else /* more responses to go */
334 cifs_demultiplex_thread(struct TCP_Server_Info
*server
)
337 unsigned int pdu_length
, total_read
;
338 struct smb_hdr
*smb_buffer
= NULL
;
339 struct smb_hdr
*bigbuf
= NULL
;
340 struct smb_hdr
*smallbuf
= NULL
;
341 struct msghdr smb_msg
;
343 struct socket
*csocket
= server
->ssocket
;
344 struct list_head
*tmp
;
345 struct cifsSesInfo
*ses
;
346 struct task_struct
*task_to_wake
= NULL
;
347 struct mid_q_entry
*mid_entry
;
349 bool isLargeBuf
= false;
353 current
->flags
|= PF_MEMALLOC
;
354 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current
)));
356 length
= atomic_inc_return(&tcpSesAllocCount
);
358 mempool_resize(cifs_req_poolp
, length
+ cifs_min_rcv
,
362 while (server
->tcpStatus
!= CifsExiting
) {
365 if (bigbuf
== NULL
) {
366 bigbuf
= cifs_buf_get();
368 cERROR(1, ("No memory for large SMB response"));
370 /* retry will check if exiting */
373 } else if (isLargeBuf
) {
374 /* we are reusing a dirty large buf, clear its start */
375 memset(bigbuf
, 0, sizeof(struct smb_hdr
));
378 if (smallbuf
== NULL
) {
379 smallbuf
= cifs_small_buf_get();
381 cERROR(1, ("No memory for SMB response"));
383 /* retry will check if exiting */
386 /* beginning of smb buffer is cleared in our buf_get */
387 } else /* if existing small buf clear beginning */
388 memset(smallbuf
, 0, sizeof(struct smb_hdr
));
392 smb_buffer
= smallbuf
;
393 iov
.iov_base
= smb_buffer
;
395 smb_msg
.msg_control
= NULL
;
396 smb_msg
.msg_controllen
= 0;
397 pdu_length
= 4; /* enough to get RFC1001 header */
400 kernel_recvmsg(csocket
, &smb_msg
,
401 &iov
, 1, pdu_length
, 0 /* BB other flags? */);
403 if (server
->tcpStatus
== CifsExiting
) {
405 } else if (server
->tcpStatus
== CifsNeedReconnect
) {
406 cFYI(1, ("Reconnect after server stopped responding"));
407 cifs_reconnect(server
);
408 cFYI(1, ("call to reconnect done"));
409 csocket
= server
->ssocket
;
411 } else if ((length
== -ERESTARTSYS
) || (length
== -EAGAIN
)) {
412 msleep(1); /* minimum sleep to prevent looping
413 allowing socket to clear and app threads to set
414 tcpStatus CifsNeedReconnect if server hung */
415 if (pdu_length
< 4) {
416 iov
.iov_base
= (4 - pdu_length
) +
418 iov
.iov_len
= pdu_length
;
419 smb_msg
.msg_control
= NULL
;
420 smb_msg
.msg_controllen
= 0;
424 } else if (length
<= 0) {
425 if (server
->tcpStatus
== CifsNew
) {
426 cFYI(1, ("tcp session abend after SMBnegprot"));
427 /* some servers kill the TCP session rather than
428 returning an SMB negprot error, in which
429 case reconnecting here is not going to help,
430 and so simply return error to mount */
433 if (!try_to_freeze() && (length
== -EINTR
)) {
434 cFYI(1, ("cifsd thread killed"));
437 cFYI(1, ("Reconnect after unexpected peek error %d",
439 cifs_reconnect(server
);
440 csocket
= server
->ssocket
;
441 wake_up(&server
->response_q
);
443 } else if (length
< pdu_length
) {
444 cFYI(1, ("requested %d bytes but only got %d bytes",
445 pdu_length
, length
));
446 pdu_length
-= length
;
451 /* The right amount was read from socket - 4 bytes */
452 /* so we can now interpret the length field */
454 /* the first byte big endian of the length field,
455 is actually not part of the length but the type
456 with the most common, zero, as regular data */
457 temp
= *((char *) smb_buffer
);
459 /* Note that FC 1001 length is big endian on the wire,
460 but we convert it here so it is always manipulated
461 as host byte order */
462 pdu_length
= be32_to_cpu((__force __be32
)smb_buffer
->smb_buf_length
);
463 smb_buffer
->smb_buf_length
= pdu_length
;
465 cFYI(1, ("rfc1002 length 0x%x", pdu_length
+4));
467 if (temp
== (char) RFC1002_SESSION_KEEP_ALIVE
) {
469 } else if (temp
== (char)RFC1002_POSITIVE_SESSION_RESPONSE
) {
470 cFYI(1, ("Good RFC 1002 session rsp"));
472 } else if (temp
== (char)RFC1002_NEGATIVE_SESSION_RESPONSE
) {
473 /* we get this from Windows 98 instead of
474 an error on SMB negprot response */
475 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
477 if (server
->tcpStatus
== CifsNew
) {
478 /* if nack on negprot (rather than
479 ret of smb negprot error) reconnecting
480 not going to help, ret error to mount */
483 /* give server a second to
484 clean up before reconnect attempt */
486 /* always try 445 first on reconnect
487 since we get NACK on some if we ever
488 connected to port 139 (the NACK is
489 since we do not begin with RFC1001
490 session initialize frame) */
491 server
->addr
.sockAddr
.sin_port
=
493 cifs_reconnect(server
);
494 csocket
= server
->ssocket
;
495 wake_up(&server
->response_q
);
498 } else if (temp
!= (char) 0) {
499 cERROR(1, ("Unknown RFC 1002 frame"));
500 cifs_dump_mem(" Received Data: ", (char *)smb_buffer
,
502 cifs_reconnect(server
);
503 csocket
= server
->ssocket
;
507 /* else we have an SMB response */
508 if ((pdu_length
> CIFSMaxBufSize
+ MAX_CIFS_HDR_SIZE
- 4) ||
509 (pdu_length
< sizeof(struct smb_hdr
) - 1 - 4)) {
510 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
511 length
, pdu_length
+4));
512 cifs_reconnect(server
);
513 csocket
= server
->ssocket
;
514 wake_up(&server
->response_q
);
521 if (pdu_length
> MAX_CIFS_SMALL_BUFFER_SIZE
- 4) {
523 memcpy(bigbuf
, smallbuf
, 4);
527 iov
.iov_base
= 4 + (char *)smb_buffer
;
528 iov
.iov_len
= pdu_length
;
529 for (total_read
= 0; total_read
< pdu_length
;
530 total_read
+= length
) {
531 length
= kernel_recvmsg(csocket
, &smb_msg
, &iov
, 1,
532 pdu_length
- total_read
, 0);
533 if ((server
->tcpStatus
== CifsExiting
) ||
534 (length
== -EINTR
)) {
538 } else if (server
->tcpStatus
== CifsNeedReconnect
) {
539 cifs_reconnect(server
);
540 csocket
= server
->ssocket
;
541 /* Reconnect wakes up rspns q */
542 /* Now we will reread sock */
545 } else if ((length
== -ERESTARTSYS
) ||
546 (length
== -EAGAIN
)) {
547 msleep(1); /* minimum sleep to prevent looping,
548 allowing socket to clear and app
549 threads to set tcpStatus
550 CifsNeedReconnect if server hung*/
553 } else if (length
<= 0) {
554 cERROR(1, ("Received no data, expecting %d",
555 pdu_length
- total_read
));
556 cifs_reconnect(server
);
557 csocket
= server
->ssocket
;
564 else if (reconnect
== 1)
567 length
+= 4; /* account for rfc1002 hdr */
570 dump_smb(smb_buffer
, length
);
571 if (checkSMB(smb_buffer
, smb_buffer
->Mid
, total_read
+4)) {
572 cifs_dump_mem("Bad SMB: ", smb_buffer
, 48);
578 spin_lock(&GlobalMid_Lock
);
579 list_for_each(tmp
, &server
->pending_mid_q
) {
580 mid_entry
= list_entry(tmp
, struct mid_q_entry
, qhead
);
582 if ((mid_entry
->mid
== smb_buffer
->Mid
) &&
583 (mid_entry
->midState
== MID_REQUEST_SUBMITTED
) &&
584 (mid_entry
->command
== smb_buffer
->Command
)) {
585 if (check2ndT2(smb_buffer
,server
->maxBuf
) > 0) {
586 /* We have a multipart transact2 resp */
588 if (mid_entry
->resp_buf
) {
589 /* merge response - fix up 1st*/
590 if (coalesce_t2(smb_buffer
,
591 mid_entry
->resp_buf
)) {
592 mid_entry
->multiRsp
=
596 /* all parts received */
597 mid_entry
->multiEnd
=
603 cERROR(1,("1st trans2 resp needs bigbuf"));
604 /* BB maybe we can fix this up, switch
605 to already allocated large buffer? */
607 /* Have first buffer */
608 mid_entry
->resp_buf
=
610 mid_entry
->largeBuf
=
617 mid_entry
->resp_buf
= smb_buffer
;
618 mid_entry
->largeBuf
= isLargeBuf
;
620 task_to_wake
= mid_entry
->tsk
;
621 mid_entry
->midState
= MID_RESPONSE_RECEIVED
;
622 #ifdef CONFIG_CIFS_STATS2
623 mid_entry
->when_received
= jiffies
;
625 /* so we do not time out requests to server
626 which is still responding (since server could
627 be busy but not dead) */
628 server
->lstrp
= jiffies
;
632 spin_unlock(&GlobalMid_Lock
);
634 /* Was previous buf put in mpx struct for multi-rsp? */
636 /* smb buffer will be freed by user thread */
642 wake_up_process(task_to_wake
);
643 } else if (!is_valid_oplock_break(smb_buffer
, server
) &&
645 cERROR(1, ("No task to wake, unknown frame received! "
646 "NumMids %d", midCount
.counter
));
647 cifs_dump_mem("Received Data is: ", (char *)smb_buffer
,
648 sizeof(struct smb_hdr
));
649 #ifdef CONFIG_CIFS_DEBUG2
650 cifs_dump_detail(smb_buffer
);
651 cifs_dump_mids(server
);
652 #endif /* CIFS_DEBUG2 */
655 } /* end while !EXITING */
657 /* take it off the list, if it's not already */
658 write_lock(&cifs_tcp_ses_lock
);
659 list_del_init(&server
->tcp_ses_list
);
660 write_unlock(&cifs_tcp_ses_lock
);
662 spin_lock(&GlobalMid_Lock
);
663 server
->tcpStatus
= CifsExiting
;
664 spin_unlock(&GlobalMid_Lock
);
665 wake_up_all(&server
->response_q
);
667 /* check if we have blocked requests that need to free */
668 /* Note that cifs_max_pending is normally 50, but
669 can be set at module install time to as little as two */
670 spin_lock(&GlobalMid_Lock
);
671 if (atomic_read(&server
->inFlight
) >= cifs_max_pending
)
672 atomic_set(&server
->inFlight
, cifs_max_pending
- 1);
673 /* We do not want to set the max_pending too low or we
674 could end up with the counter going negative */
675 spin_unlock(&GlobalMid_Lock
);
676 /* Although there should not be any requests blocked on
677 this queue it can not hurt to be paranoid and try to wake up requests
678 that may haven been blocked when more than 50 at time were on the wire
679 to the same server - they now will see the session is in exit state
680 and get out of SendReceive. */
681 wake_up_all(&server
->request_q
);
682 /* give those requests time to exit */
685 if (server
->ssocket
) {
686 sock_release(csocket
);
687 server
->ssocket
= NULL
;
689 /* buffer usuallly freed in free_mid - need to free it here on exit */
690 cifs_buf_release(bigbuf
);
691 if (smallbuf
) /* no sense logging a debug message if NULL */
692 cifs_small_buf_release(smallbuf
);
695 * BB: we shouldn't have to do any of this. It shouldn't be
696 * possible to exit from the thread with active SMB sessions
698 read_lock(&cifs_tcp_ses_lock
);
699 if (list_empty(&server
->pending_mid_q
)) {
700 /* loop through server session structures attached to this and
702 list_for_each(tmp
, &server
->smb_ses_list
) {
703 ses
= list_entry(tmp
, struct cifsSesInfo
,
705 ses
->status
= CifsExiting
;
708 read_unlock(&cifs_tcp_ses_lock
);
710 /* although we can not zero the server struct pointer yet,
711 since there are active requests which may depnd on them,
712 mark the corresponding SMB sessions as exiting too */
713 list_for_each(tmp
, &server
->smb_ses_list
) {
714 ses
= list_entry(tmp
, struct cifsSesInfo
,
716 ses
->status
= CifsExiting
;
719 spin_lock(&GlobalMid_Lock
);
720 list_for_each(tmp
, &server
->pending_mid_q
) {
721 mid_entry
= list_entry(tmp
, struct mid_q_entry
, qhead
);
722 if (mid_entry
->midState
== MID_REQUEST_SUBMITTED
) {
723 cFYI(1, ("Clearing Mid 0x%x - waking up ",
725 task_to_wake
= mid_entry
->tsk
;
727 wake_up_process(task_to_wake
);
730 spin_unlock(&GlobalMid_Lock
);
731 read_unlock(&cifs_tcp_ses_lock
);
732 /* 1/8th of sec is more than enough time for them to exit */
736 if (!list_empty(&server
->pending_mid_q
)) {
737 /* mpx threads have not exited yet give them
738 at least the smb send timeout time for long ops */
739 /* due to delays on oplock break requests, we need
740 to wait at least 45 seconds before giving up
741 on a request getting a response and going ahead
743 cFYI(1, ("Wait for exit from demultiplex thread"));
745 /* if threads still have not exited they are probably never
746 coming home not much else we can do but free the memory */
749 /* last chance to mark ses pointers invalid
750 if there are any pointing to this (e.g
751 if a crazy root user tried to kill cifsd
752 kernel thread explicitly this might happen) */
753 /* BB: This shouldn't be necessary, see above */
754 read_lock(&cifs_tcp_ses_lock
);
755 list_for_each(tmp
, &server
->smb_ses_list
) {
756 ses
= list_entry(tmp
, struct cifsSesInfo
, smb_ses_list
);
759 read_unlock(&cifs_tcp_ses_lock
);
761 kfree(server
->hostname
);
762 task_to_wake
= xchg(&server
->tsk
, NULL
);
765 length
= atomic_dec_return(&tcpSesAllocCount
);
767 mempool_resize(cifs_req_poolp
, length
+ cifs_min_rcv
,
770 /* if server->tsk was NULL then wait for a signal before exiting */
772 set_current_state(TASK_INTERRUPTIBLE
);
773 while (!signal_pending(current
)) {
775 set_current_state(TASK_INTERRUPTIBLE
);
777 set_current_state(TASK_RUNNING
);
783 /* extract the host portion of the UNC string */
785 extract_hostname(const char *unc
)
791 /* skip double chars at beginning of string */
792 /* BB: check validity of these bytes? */
795 /* delimiter between hostname and sharename is always '\\' now */
796 delim
= strchr(src
, '\\');
798 return ERR_PTR(-EINVAL
);
801 dst
= kmalloc((len
+ 1), GFP_KERNEL
);
803 return ERR_PTR(-ENOMEM
);
805 memcpy(dst
, src
, len
);
812 cifs_parse_mount_options(char *options
, const char *devname
,
817 unsigned int temp_len
, i
, j
;
823 if (Local_System_Name
[0] != 0)
824 memcpy(vol
->source_rfc1001_name
, Local_System_Name
, 15);
826 char *nodename
= utsname()->nodename
;
827 int n
= strnlen(nodename
, 15);
828 memset(vol
->source_rfc1001_name
, 0x20, 15);
829 for (i
= 0; i
< n
; i
++) {
830 /* does not have to be perfect mapping since field is
831 informational, only used for servers that do not support
832 port 445 and it can be overridden at mount time */
833 vol
->source_rfc1001_name
[i
] = toupper(nodename
[i
]);
836 vol
->source_rfc1001_name
[15] = 0;
837 /* null target name indicates to use *SMBSERVR default called name
838 if we end up sending RFC1001 session initialize */
839 vol
->target_rfc1001_name
[0] = 0;
840 vol
->linux_uid
= current
->uid
; /* current->euid instead? */
841 vol
->linux_gid
= current
->gid
;
842 vol
->dir_mode
= S_IRWXUGO
;
843 /* 2767 perms indicate mandatory locking support */
844 vol
->file_mode
= (S_IRWXUGO
| S_ISGID
) & (~S_IXGRP
);
846 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
848 /* default is always to request posix paths. */
849 vol
->posix_paths
= 1;
854 if (strncmp(options
, "sep=", 4) == 0) {
855 if (options
[4] != 0) {
856 separator
[0] = options
[4];
859 cFYI(1, ("Null separator not allowed"));
863 while ((data
= strsep(&options
, separator
)) != NULL
) {
866 if ((value
= strchr(data
, '=')) != NULL
)
869 /* Have to parse this before we parse for "user" */
870 if (strnicmp(data
, "user_xattr", 10) == 0) {
872 } else if (strnicmp(data
, "nouser_xattr", 12) == 0) {
874 } else if (strnicmp(data
, "user", 4) == 0) {
877 "CIFS: invalid or missing username\n");
878 return 1; /* needs_arg; */
879 } else if (!*value
) {
880 /* null user, ie anonymous, authentication */
883 if (strnlen(value
, 200) < 200) {
884 vol
->username
= value
;
886 printk(KERN_WARNING
"CIFS: username too long\n");
889 } else if (strnicmp(data
, "pass", 4) == 0) {
891 vol
->password
= NULL
;
893 } else if (value
[0] == 0) {
894 /* check if string begins with double comma
895 since that would mean the password really
896 does start with a comma, and would not
897 indicate an empty string */
898 if (value
[1] != separator
[0]) {
899 vol
->password
= NULL
;
903 temp_len
= strlen(value
);
904 /* removed password length check, NTLM passwords
905 can be arbitrarily long */
907 /* if comma in password, the string will be
908 prematurely null terminated. Commas in password are
909 specified across the cifs mount interface by a double
910 comma ie ,, and a comma used as in other cases ie ','
911 as a parameter delimiter/separator is single and due
912 to the strsep above is temporarily zeroed. */
914 /* NB: password legally can have multiple commas and
915 the only illegal character in a password is null */
917 if ((value
[temp_len
] == 0) &&
918 (value
[temp_len
+1] == separator
[0])) {
920 value
[temp_len
] = separator
[0];
921 temp_len
+= 2; /* move after second comma */
922 while (value
[temp_len
] != 0) {
923 if (value
[temp_len
] == separator
[0]) {
924 if (value
[temp_len
+1] ==
926 /* skip second comma */
929 /* single comma indicating start
936 if (value
[temp_len
] == 0) {
940 /* point option to start of next parm */
941 options
= value
+ temp_len
+ 1;
943 /* go from value to value + temp_len condensing
944 double commas to singles. Note that this ends up
945 allocating a few bytes too many, which is ok */
946 vol
->password
= kzalloc(temp_len
, GFP_KERNEL
);
947 if (vol
->password
== NULL
) {
948 printk(KERN_WARNING
"CIFS: no memory "
952 for (i
= 0, j
= 0; i
< temp_len
; i
++, j
++) {
953 vol
->password
[j
] = value
[i
];
954 if (value
[i
] == separator
[0]
955 && value
[i
+1] == separator
[0]) {
956 /* skip second comma */
960 vol
->password
[j
] = 0;
962 vol
->password
= kzalloc(temp_len
+1, GFP_KERNEL
);
963 if (vol
->password
== NULL
) {
964 printk(KERN_WARNING
"CIFS: no memory "
968 strcpy(vol
->password
, value
);
970 } else if (strnicmp(data
, "ip", 2) == 0) {
971 if (!value
|| !*value
) {
973 } else if (strnlen(value
, 35) < 35) {
976 printk(KERN_WARNING
"CIFS: ip address "
980 } else if (strnicmp(data
, "sec", 3) == 0) {
981 if (!value
|| !*value
) {
982 cERROR(1, ("no security value specified"));
984 } else if (strnicmp(value
, "krb5i", 5) == 0) {
985 vol
->secFlg
|= CIFSSEC_MAY_KRB5
|
987 } else if (strnicmp(value
, "krb5p", 5) == 0) {
988 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
990 cERROR(1, ("Krb5 cifs privacy not supported"));
992 } else if (strnicmp(value
, "krb5", 4) == 0) {
993 vol
->secFlg
|= CIFSSEC_MAY_KRB5
;
994 } else if (strnicmp(value
, "ntlmv2i", 7) == 0) {
995 vol
->secFlg
|= CIFSSEC_MAY_NTLMV2
|
997 } else if (strnicmp(value
, "ntlmv2", 6) == 0) {
998 vol
->secFlg
|= CIFSSEC_MAY_NTLMV2
;
999 } else if (strnicmp(value
, "ntlmi", 5) == 0) {
1000 vol
->secFlg
|= CIFSSEC_MAY_NTLM
|
1002 } else if (strnicmp(value
, "ntlm", 4) == 0) {
1003 /* ntlm is default so can be turned off too */
1004 vol
->secFlg
|= CIFSSEC_MAY_NTLM
;
1005 } else if (strnicmp(value
, "nontlm", 6) == 0) {
1006 /* BB is there a better way to do this? */
1007 vol
->secFlg
|= CIFSSEC_MAY_NTLMV2
;
1008 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1009 } else if (strnicmp(value
, "lanman", 6) == 0) {
1010 vol
->secFlg
|= CIFSSEC_MAY_LANMAN
;
1012 } else if (strnicmp(value
, "none", 4) == 0) {
1015 cERROR(1, ("bad security option: %s", value
));
1018 } else if ((strnicmp(data
, "unc", 3) == 0)
1019 || (strnicmp(data
, "target", 6) == 0)
1020 || (strnicmp(data
, "path", 4) == 0)) {
1021 if (!value
|| !*value
) {
1022 printk(KERN_WARNING
"CIFS: invalid path to "
1023 "network resource\n");
1024 return 1; /* needs_arg; */
1026 if ((temp_len
= strnlen(value
, 300)) < 300) {
1027 vol
->UNC
= kmalloc(temp_len
+1, GFP_KERNEL
);
1028 if (vol
->UNC
== NULL
)
1030 strcpy(vol
->UNC
, value
);
1031 if (strncmp(vol
->UNC
, "//", 2) == 0) {
1034 } else if (strncmp(vol
->UNC
, "\\\\", 2) != 0) {
1036 "CIFS: UNC Path does not begin "
1037 "with // or \\\\ \n");
1041 printk(KERN_WARNING
"CIFS: UNC name too long\n");
1044 } else if ((strnicmp(data
, "domain", 3) == 0)
1045 || (strnicmp(data
, "workgroup", 5) == 0)) {
1046 if (!value
|| !*value
) {
1047 printk(KERN_WARNING
"CIFS: invalid domain name\n");
1048 return 1; /* needs_arg; */
1050 /* BB are there cases in which a comma can be valid in
1051 a domain name and need special handling? */
1052 if (strnlen(value
, 256) < 256) {
1053 vol
->domainname
= value
;
1054 cFYI(1, ("Domain name set"));
1056 printk(KERN_WARNING
"CIFS: domain name too "
1060 } else if (strnicmp(data
, "prefixpath", 10) == 0) {
1061 if (!value
|| !*value
) {
1063 "CIFS: invalid path prefix\n");
1064 return 1; /* needs_argument */
1066 if ((temp_len
= strnlen(value
, 1024)) < 1024) {
1067 if (value
[0] != '/')
1068 temp_len
++; /* missing leading slash */
1069 vol
->prepath
= kmalloc(temp_len
+1, GFP_KERNEL
);
1070 if (vol
->prepath
== NULL
)
1072 if (value
[0] != '/') {
1073 vol
->prepath
[0] = '/';
1074 strcpy(vol
->prepath
+1, value
);
1076 strcpy(vol
->prepath
, value
);
1077 cFYI(1, ("prefix path %s", vol
->prepath
));
1079 printk(KERN_WARNING
"CIFS: prefix too long\n");
1082 } else if (strnicmp(data
, "iocharset", 9) == 0) {
1083 if (!value
|| !*value
) {
1084 printk(KERN_WARNING
"CIFS: invalid iocharset "
1086 return 1; /* needs_arg; */
1088 if (strnlen(value
, 65) < 65) {
1089 if (strnicmp(value
, "default", 7))
1090 vol
->iocharset
= value
;
1091 /* if iocharset not set then load_nls_default
1092 is used by caller */
1093 cFYI(1, ("iocharset set to %s", value
));
1095 printk(KERN_WARNING
"CIFS: iocharset name "
1099 } else if (strnicmp(data
, "uid", 3) == 0) {
1100 if (value
&& *value
) {
1102 simple_strtoul(value
, &value
, 0);
1103 vol
->override_uid
= 1;
1105 } else if (strnicmp(data
, "gid", 3) == 0) {
1106 if (value
&& *value
) {
1108 simple_strtoul(value
, &value
, 0);
1109 vol
->override_gid
= 1;
1111 } else if (strnicmp(data
, "file_mode", 4) == 0) {
1112 if (value
&& *value
) {
1114 simple_strtoul(value
, &value
, 0);
1116 } else if (strnicmp(data
, "dir_mode", 4) == 0) {
1117 if (value
&& *value
) {
1119 simple_strtoul(value
, &value
, 0);
1121 } else if (strnicmp(data
, "dirmode", 4) == 0) {
1122 if (value
&& *value
) {
1124 simple_strtoul(value
, &value
, 0);
1126 } else if (strnicmp(data
, "port", 4) == 0) {
1127 if (value
&& *value
) {
1129 simple_strtoul(value
, &value
, 0);
1131 } else if (strnicmp(data
, "rsize", 5) == 0) {
1132 if (value
&& *value
) {
1134 simple_strtoul(value
, &value
, 0);
1136 } else if (strnicmp(data
, "wsize", 5) == 0) {
1137 if (value
&& *value
) {
1139 simple_strtoul(value
, &value
, 0);
1141 } else if (strnicmp(data
, "sockopt", 5) == 0) {
1142 if (value
&& *value
) {
1144 simple_strtoul(value
, &value
, 0);
1146 } else if (strnicmp(data
, "netbiosname", 4) == 0) {
1147 if (!value
|| !*value
|| (*value
== ' ')) {
1148 cFYI(1, ("invalid (empty) netbiosname"));
1150 memset(vol
->source_rfc1001_name
, 0x20, 15);
1151 for (i
= 0; i
< 15; i
++) {
1152 /* BB are there cases in which a comma can be
1153 valid in this workstation netbios name (and need
1154 special handling)? */
1156 /* We do not uppercase netbiosname for user */
1160 vol
->source_rfc1001_name
[i
] =
1163 /* The string has 16th byte zero still from
1164 set at top of the function */
1165 if ((i
== 15) && (value
[i
] != 0))
1166 printk(KERN_WARNING
"CIFS: netbiosname"
1167 " longer than 15 truncated.\n");
1169 } else if (strnicmp(data
, "servern", 7) == 0) {
1170 /* servernetbiosname specified override *SMBSERVER */
1171 if (!value
|| !*value
|| (*value
== ' ')) {
1172 cFYI(1, ("empty server netbiosname specified"));
1174 /* last byte, type, is 0x20 for servr type */
1175 memset(vol
->target_rfc1001_name
, 0x20, 16);
1177 for (i
= 0; i
< 15; i
++) {
1178 /* BB are there cases in which a comma can be
1179 valid in this workstation netbios name
1180 (and need special handling)? */
1182 /* user or mount helper must uppercase
1187 vol
->target_rfc1001_name
[i
] =
1190 /* The string has 16th byte zero still from
1191 set at top of the function */
1192 if ((i
== 15) && (value
[i
] != 0))
1193 printk(KERN_WARNING
"CIFS: server net"
1194 "biosname longer than 15 truncated.\n");
1196 } else if (strnicmp(data
, "credentials", 4) == 0) {
1198 } else if (strnicmp(data
, "version", 3) == 0) {
1200 } else if (strnicmp(data
, "guest", 5) == 0) {
1202 } else if (strnicmp(data
, "rw", 2) == 0) {
1204 } else if (strnicmp(data
, "noblocksend", 11) == 0) {
1205 vol
->noblocksnd
= 1;
1206 } else if (strnicmp(data
, "noautotune", 10) == 0) {
1207 vol
->noautotune
= 1;
1208 } else if ((strnicmp(data
, "suid", 4) == 0) ||
1209 (strnicmp(data
, "nosuid", 6) == 0) ||
1210 (strnicmp(data
, "exec", 4) == 0) ||
1211 (strnicmp(data
, "noexec", 6) == 0) ||
1212 (strnicmp(data
, "nodev", 5) == 0) ||
1213 (strnicmp(data
, "noauto", 6) == 0) ||
1214 (strnicmp(data
, "dev", 3) == 0)) {
1215 /* The mount tool or mount.cifs helper (if present)
1216 uses these opts to set flags, and the flags are read
1217 by the kernel vfs layer before we get here (ie
1218 before read super) so there is no point trying to
1219 parse these options again and set anything and it
1220 is ok to just ignore them */
1222 } else if (strnicmp(data
, "ro", 2) == 0) {
1224 } else if (strnicmp(data
, "hard", 4) == 0) {
1226 } else if (strnicmp(data
, "soft", 4) == 0) {
1228 } else if (strnicmp(data
, "perm", 4) == 0) {
1230 } else if (strnicmp(data
, "noperm", 6) == 0) {
1232 } else if (strnicmp(data
, "mapchars", 8) == 0) {
1234 } else if (strnicmp(data
, "nomapchars", 10) == 0) {
1236 } else if (strnicmp(data
, "sfu", 3) == 0) {
1238 } else if (strnicmp(data
, "nosfu", 5) == 0) {
1240 } else if (strnicmp(data
, "nodfs", 5) == 0) {
1242 } else if (strnicmp(data
, "posixpaths", 10) == 0) {
1243 vol
->posix_paths
= 1;
1244 } else if (strnicmp(data
, "noposixpaths", 12) == 0) {
1245 vol
->posix_paths
= 0;
1246 } else if (strnicmp(data
, "nounix", 6) == 0) {
1247 vol
->no_linux_ext
= 1;
1248 } else if (strnicmp(data
, "nolinux", 7) == 0) {
1249 vol
->no_linux_ext
= 1;
1250 } else if ((strnicmp(data
, "nocase", 6) == 0) ||
1251 (strnicmp(data
, "ignorecase", 10) == 0)) {
1253 } else if (strnicmp(data
, "brl", 3) == 0) {
1255 } else if ((strnicmp(data
, "nobrl", 5) == 0) ||
1256 (strnicmp(data
, "nolock", 6) == 0)) {
1258 /* turn off mandatory locking in mode
1259 if remote locking is turned off since the
1260 local vfs will do advisory */
1261 if (vol
->file_mode
==
1262 (S_IALLUGO
& ~(S_ISUID
| S_IXGRP
)))
1263 vol
->file_mode
= S_IALLUGO
;
1264 } else if (strnicmp(data
, "setuids", 7) == 0) {
1266 } else if (strnicmp(data
, "nosetuids", 9) == 0) {
1268 } else if (strnicmp(data
, "dynperm", 7) == 0) {
1269 vol
->dynperm
= true;
1270 } else if (strnicmp(data
, "nodynperm", 9) == 0) {
1271 vol
->dynperm
= false;
1272 } else if (strnicmp(data
, "nohard", 6) == 0) {
1274 } else if (strnicmp(data
, "nosoft", 6) == 0) {
1276 } else if (strnicmp(data
, "nointr", 6) == 0) {
1278 } else if (strnicmp(data
, "intr", 4) == 0) {
1280 } else if (strnicmp(data
, "serverino", 7) == 0) {
1281 vol
->server_ino
= 1;
1282 } else if (strnicmp(data
, "noserverino", 9) == 0) {
1283 vol
->server_ino
= 0;
1284 } else if (strnicmp(data
, "cifsacl", 7) == 0) {
1286 } else if (strnicmp(data
, "nocifsacl", 9) == 0) {
1288 } else if (strnicmp(data
, "acl", 3) == 0) {
1289 vol
->no_psx_acl
= 0;
1290 } else if (strnicmp(data
, "noacl", 5) == 0) {
1291 vol
->no_psx_acl
= 1;
1292 #ifdef CONFIG_CIFS_EXPERIMENTAL
1293 } else if (strnicmp(data
, "locallease", 6) == 0) {
1294 vol
->local_lease
= 1;
1296 } else if (strnicmp(data
, "sign", 4) == 0) {
1297 vol
->secFlg
|= CIFSSEC_MUST_SIGN
;
1298 } else if (strnicmp(data
, "seal", 4) == 0) {
1299 /* we do not do the following in secFlags because seal
1300 is a per tree connection (mount) not a per socket
1301 or per-smb connection option in the protocol */
1302 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1304 } else if (strnicmp(data
, "direct", 6) == 0) {
1306 } else if (strnicmp(data
, "forcedirectio", 13) == 0) {
1308 } else if (strnicmp(data
, "in6_addr", 8) == 0) {
1309 if (!value
|| !*value
) {
1310 vol
->in6_addr
= NULL
;
1311 } else if (strnlen(value
, 49) == 48) {
1312 vol
->in6_addr
= value
;
1314 printk(KERN_WARNING
"CIFS: ip v6 address not "
1315 "48 characters long\n");
1318 } else if (strnicmp(data
, "noac", 4) == 0) {
1319 printk(KERN_WARNING
"CIFS: Mount option noac not "
1320 "supported. Instead set "
1321 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1323 printk(KERN_WARNING
"CIFS: Unknown mount option %s\n",
1326 if (vol
->UNC
== NULL
) {
1327 if (devname
== NULL
) {
1328 printk(KERN_WARNING
"CIFS: Missing UNC name for mount "
1332 if ((temp_len
= strnlen(devname
, 300)) < 300) {
1333 vol
->UNC
= kmalloc(temp_len
+1, GFP_KERNEL
);
1334 if (vol
->UNC
== NULL
)
1336 strcpy(vol
->UNC
, devname
);
1337 if (strncmp(vol
->UNC
, "//", 2) == 0) {
1340 } else if (strncmp(vol
->UNC
, "\\\\", 2) != 0) {
1341 printk(KERN_WARNING
"CIFS: UNC Path does not "
1342 "begin with // or \\\\ \n");
1345 value
= strpbrk(vol
->UNC
+2, "/\\");
1349 printk(KERN_WARNING
"CIFS: UNC name too long\n");
1353 if (vol
->UNCip
== NULL
)
1354 vol
->UNCip
= &vol
->UNC
[2];
1359 static struct TCP_Server_Info
*
1360 cifs_find_tcp_session(struct sockaddr
*addr
)
1362 struct list_head
*tmp
;
1363 struct TCP_Server_Info
*server
;
1364 struct sockaddr_in
*addr4
= (struct sockaddr_in
*) addr
;
1365 struct sockaddr_in6
*addr6
= (struct sockaddr_in6
*) addr
;
1367 write_lock(&cifs_tcp_ses_lock
);
1368 list_for_each(tmp
, &cifs_tcp_ses_list
) {
1369 server
= list_entry(tmp
, struct TCP_Server_Info
,
1373 * the demux thread can exit on its own while still in CifsNew
1374 * so don't accept any sockets in that state. Since the
1375 * tcpStatus never changes back to CifsNew it's safe to check
1376 * for this without a lock.
1378 if (server
->tcpStatus
== CifsNew
)
1381 if (addr
->sa_family
== AF_INET
&&
1382 (addr4
->sin_addr
.s_addr
!=
1383 server
->addr
.sockAddr
.sin_addr
.s_addr
))
1385 else if (addr
->sa_family
== AF_INET6
&&
1386 memcmp(&server
->addr
.sockAddr6
.sin6_addr
,
1387 &addr6
->sin6_addr
, sizeof(addr6
->sin6_addr
)))
1390 ++server
->srv_count
;
1391 write_unlock(&cifs_tcp_ses_lock
);
1394 write_unlock(&cifs_tcp_ses_lock
);
1399 cifs_put_tcp_session(struct TCP_Server_Info
*server
)
1401 struct task_struct
*task
;
1403 write_lock(&cifs_tcp_ses_lock
);
1404 if (--server
->srv_count
> 0) {
1405 write_unlock(&cifs_tcp_ses_lock
);
1409 list_del_init(&server
->tcp_ses_list
);
1410 write_unlock(&cifs_tcp_ses_lock
);
1412 spin_lock(&GlobalMid_Lock
);
1413 server
->tcpStatus
= CifsExiting
;
1414 spin_unlock(&GlobalMid_Lock
);
1416 task
= xchg(&server
->tsk
, NULL
);
1418 force_sig(SIGKILL
, task
);
1421 static struct cifsSesInfo
*
1422 cifs_find_smb_ses(struct TCP_Server_Info
*server
, char *username
)
1424 struct list_head
*tmp
;
1425 struct cifsSesInfo
*ses
;
1427 write_lock(&cifs_tcp_ses_lock
);
1428 list_for_each(tmp
, &server
->smb_ses_list
) {
1429 ses
= list_entry(tmp
, struct cifsSesInfo
, smb_ses_list
);
1430 if (strncmp(ses
->userName
, username
, MAX_USERNAME_SIZE
))
1434 write_unlock(&cifs_tcp_ses_lock
);
1437 write_unlock(&cifs_tcp_ses_lock
);
1442 cifs_put_smb_ses(struct cifsSesInfo
*ses
)
1445 struct TCP_Server_Info
*server
= ses
->server
;
1447 write_lock(&cifs_tcp_ses_lock
);
1448 if (--ses
->ses_count
> 0) {
1449 write_unlock(&cifs_tcp_ses_lock
);
1453 list_del_init(&ses
->smb_ses_list
);
1454 write_unlock(&cifs_tcp_ses_lock
);
1456 if (ses
->status
== CifsGood
) {
1458 CIFSSMBLogoff(xid
, ses
);
1462 cifs_put_tcp_session(server
);
1466 get_dfs_path(int xid
, struct cifsSesInfo
*pSesInfo
, const char *old_path
,
1467 const struct nls_table
*nls_codepage
, unsigned int *pnum_referrals
,
1468 struct dfs_info3_param
**preferrals
, int remap
)
1473 *pnum_referrals
= 0;
1476 if (pSesInfo
->ipc_tid
== 0) {
1477 temp_unc
= kmalloc(2 /* for slashes */ +
1478 strnlen(pSesInfo
->serverName
,
1479 SERVER_NAME_LEN_WITH_NULL
* 2)
1480 + 1 + 4 /* slash IPC$ */ + 2,
1482 if (temp_unc
== NULL
)
1486 strcpy(temp_unc
+ 2, pSesInfo
->serverName
);
1487 strcpy(temp_unc
+ 2 + strlen(pSesInfo
->serverName
), "\\IPC$");
1488 rc
= CIFSTCon(xid
, pSesInfo
, temp_unc
, NULL
, nls_codepage
);
1490 ("CIFS Tcon rc = %d ipc_tid = %d", rc
, pSesInfo
->ipc_tid
));
1494 rc
= CIFSGetDFSRefer(xid
, pSesInfo
, old_path
, preferrals
,
1495 pnum_referrals
, nls_codepage
, remap
);
1496 /* BB map targetUNCs to dfs_info3 structures, here or
1497 in CIFSGetDFSRefer BB */
1502 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1503 static struct lock_class_key cifs_key
[2];
1504 static struct lock_class_key cifs_slock_key
[2];
1507 cifs_reclassify_socket4(struct socket
*sock
)
1509 struct sock
*sk
= sock
->sk
;
1510 BUG_ON(sock_owned_by_user(sk
));
1511 sock_lock_init_class_and_name(sk
, "slock-AF_INET-CIFS",
1512 &cifs_slock_key
[0], "sk_lock-AF_INET-CIFS", &cifs_key
[0]);
1516 cifs_reclassify_socket6(struct socket
*sock
)
1518 struct sock
*sk
= sock
->sk
;
1519 BUG_ON(sock_owned_by_user(sk
));
1520 sock_lock_init_class_and_name(sk
, "slock-AF_INET6-CIFS",
1521 &cifs_slock_key
[1], "sk_lock-AF_INET6-CIFS", &cifs_key
[1]);
1525 cifs_reclassify_socket4(struct socket
*sock
)
1530 cifs_reclassify_socket6(struct socket
*sock
)
1535 /* See RFC1001 section 14 on representation of Netbios names */
1536 static void rfc1002mangle(char *target
, char *source
, unsigned int length
)
1540 for (i
= 0, j
= 0; i
< (length
); i
++) {
1541 /* mask a nibble at a time and encode */
1542 target
[j
] = 'A' + (0x0F & (source
[i
] >> 4));
1543 target
[j
+1] = 'A' + (0x0F & source
[i
]);
1551 ipv4_connect(struct sockaddr_in
*psin_server
, struct socket
**csocket
,
1552 char *netbios_name
, char *target_name
,
1553 bool noblocksnd
, bool noautotune
)
1557 __be16 orig_port
= 0;
1559 if (*csocket
== NULL
) {
1560 rc
= sock_create_kern(PF_INET
, SOCK_STREAM
,
1561 IPPROTO_TCP
, csocket
);
1563 cERROR(1, ("Error %d creating socket", rc
));
1567 /* BB other socket options to set KEEPALIVE, NODELAY? */
1568 cFYI(1, ("Socket created"));
1569 (*csocket
)->sk
->sk_allocation
= GFP_NOFS
;
1570 cifs_reclassify_socket4(*csocket
);
1574 psin_server
->sin_family
= AF_INET
;
1575 if (psin_server
->sin_port
) { /* user overrode default port */
1576 rc
= (*csocket
)->ops
->connect(*csocket
,
1577 (struct sockaddr
*) psin_server
,
1578 sizeof(struct sockaddr_in
), 0);
1584 /* save original port so we can retry user specified port
1585 later if fall back ports fail this time */
1586 orig_port
= psin_server
->sin_port
;
1588 /* do not retry on the same port we just failed on */
1589 if (psin_server
->sin_port
!= htons(CIFS_PORT
)) {
1590 psin_server
->sin_port
= htons(CIFS_PORT
);
1592 rc
= (*csocket
)->ops
->connect(*csocket
,
1593 (struct sockaddr
*) psin_server
,
1594 sizeof(struct sockaddr_in
), 0);
1600 psin_server
->sin_port
= htons(RFC1001_PORT
);
1601 rc
= (*csocket
)->ops
->connect(*csocket
, (struct sockaddr
*)
1603 sizeof(struct sockaddr_in
), 0);
1608 /* give up here - unless we want to retry on different
1609 protocol families some day */
1612 psin_server
->sin_port
= orig_port
;
1613 cFYI(1, ("Error %d connecting to server via ipv4", rc
));
1614 sock_release(*csocket
);
1618 /* Eventually check for other socket options to change from
1619 the default. sock_setsockopt not used because it expects
1620 user space buffer */
1621 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1622 (*csocket
)->sk
->sk_sndbuf
,
1623 (*csocket
)->sk
->sk_rcvbuf
, (*csocket
)->sk
->sk_rcvtimeo
));
1624 (*csocket
)->sk
->sk_rcvtimeo
= 7 * HZ
;
1626 (*csocket
)->sk
->sk_sndtimeo
= 3 * HZ
;
1628 /* make the bufsizes depend on wsize/rsize and max requests */
1630 if ((*csocket
)->sk
->sk_sndbuf
< (200 * 1024))
1631 (*csocket
)->sk
->sk_sndbuf
= 200 * 1024;
1632 if ((*csocket
)->sk
->sk_rcvbuf
< (140 * 1024))
1633 (*csocket
)->sk
->sk_rcvbuf
= 140 * 1024;
1636 /* send RFC1001 sessinit */
1637 if (psin_server
->sin_port
== htons(RFC1001_PORT
)) {
1638 /* some servers require RFC1001 sessinit before sending
1639 negprot - BB check reconnection in case where second
1640 sessinit is sent but no second negprot */
1641 struct rfc1002_session_packet
*ses_init_buf
;
1642 struct smb_hdr
*smb_buf
;
1643 ses_init_buf
= kzalloc(sizeof(struct rfc1002_session_packet
),
1646 ses_init_buf
->trailer
.session_req
.called_len
= 32;
1647 if (target_name
&& (target_name
[0] != 0)) {
1648 rfc1002mangle(ses_init_buf
->trailer
.session_req
.called_name
,
1651 rfc1002mangle(ses_init_buf
->trailer
.session_req
.called_name
,
1652 DEFAULT_CIFS_CALLED_NAME
, 16);
1655 ses_init_buf
->trailer
.session_req
.calling_len
= 32;
1656 /* calling name ends in null (byte 16) from old smb
1658 if (netbios_name
&& (netbios_name
[0] != 0)) {
1659 rfc1002mangle(ses_init_buf
->trailer
.session_req
.calling_name
,
1662 rfc1002mangle(ses_init_buf
->trailer
.session_req
.calling_name
,
1663 "LINUX_CIFS_CLNT", 16);
1665 ses_init_buf
->trailer
.session_req
.scope1
= 0;
1666 ses_init_buf
->trailer
.session_req
.scope2
= 0;
1667 smb_buf
= (struct smb_hdr
*)ses_init_buf
;
1668 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1669 smb_buf
->smb_buf_length
= 0x81000044;
1670 rc
= smb_send(*csocket
, smb_buf
, 0x44,
1671 (struct sockaddr
*)psin_server
, noblocksnd
);
1672 kfree(ses_init_buf
);
1673 msleep(1); /* RFC1001 layer in at least one server
1674 requires very short break before negprot
1675 presumably because not expecting negprot
1676 to follow so fast. This is a simple
1677 solution that works without
1678 complicating the code and causes no
1679 significant slowing down on mount
1680 for everyone else */
1682 /* else the negprot may still work without this
1683 even though malloc failed */
1691 ipv6_connect(struct sockaddr_in6
*psin_server
, struct socket
**csocket
,
1696 __be16 orig_port
= 0;
1698 if (*csocket
== NULL
) {
1699 rc
= sock_create_kern(PF_INET6
, SOCK_STREAM
,
1700 IPPROTO_TCP
, csocket
);
1702 cERROR(1, ("Error %d creating ipv6 socket", rc
));
1706 /* BB other socket options to set KEEPALIVE, NODELAY? */
1707 cFYI(1, ("ipv6 Socket created"));
1708 (*csocket
)->sk
->sk_allocation
= GFP_NOFS
;
1709 cifs_reclassify_socket6(*csocket
);
1713 psin_server
->sin6_family
= AF_INET6
;
1715 if (psin_server
->sin6_port
) { /* user overrode default port */
1716 rc
= (*csocket
)->ops
->connect(*csocket
,
1717 (struct sockaddr
*) psin_server
,
1718 sizeof(struct sockaddr_in6
), 0);
1724 /* save original port so we can retry user specified port
1725 later if fall back ports fail this time */
1727 orig_port
= psin_server
->sin6_port
;
1728 /* do not retry on the same port we just failed on */
1729 if (psin_server
->sin6_port
!= htons(CIFS_PORT
)) {
1730 psin_server
->sin6_port
= htons(CIFS_PORT
);
1732 rc
= (*csocket
)->ops
->connect(*csocket
,
1733 (struct sockaddr
*) psin_server
,
1734 sizeof(struct sockaddr_in6
), 0);
1740 psin_server
->sin6_port
= htons(RFC1001_PORT
);
1741 rc
= (*csocket
)->ops
->connect(*csocket
, (struct sockaddr
*)
1742 psin_server
, sizeof(struct sockaddr_in6
), 0);
1747 /* give up here - unless we want to retry on different
1748 protocol families some day */
1751 psin_server
->sin6_port
= orig_port
;
1752 cFYI(1, ("Error %d connecting to server via ipv6", rc
));
1753 sock_release(*csocket
);
1757 /* Eventually check for other socket options to change from
1758 the default. sock_setsockopt not used because it expects
1759 user space buffer */
1760 (*csocket
)->sk
->sk_rcvtimeo
= 7 * HZ
;
1762 (*csocket
)->sk
->sk_sndtimeo
= 3 * HZ
;
1768 void reset_cifs_unix_caps(int xid
, struct cifsTconInfo
*tcon
,
1769 struct super_block
*sb
, struct smb_vol
*vol_info
)
1771 /* if we are reconnecting then should we check to see if
1772 * any requested capabilities changed locally e.g. via
1773 * remount but we can not do much about it here
1774 * if they have (even if we could detect it by the following)
1775 * Perhaps we could add a backpointer to array of sb from tcon
1776 * or if we change to make all sb to same share the same
1777 * sb as NFS - then we only have one backpointer to sb.
1778 * What if we wanted to mount the server share twice once with
1779 * and once without posixacls or posix paths? */
1780 __u64 saved_cap
= le64_to_cpu(tcon
->fsUnixInfo
.Capability
);
1782 if (vol_info
&& vol_info
->no_linux_ext
) {
1783 tcon
->fsUnixInfo
.Capability
= 0;
1784 tcon
->unix_ext
= 0; /* Unix Extensions disabled */
1785 cFYI(1, ("Linux protocol extensions disabled"));
1787 } else if (vol_info
)
1788 tcon
->unix_ext
= 1; /* Unix Extensions supported */
1790 if (tcon
->unix_ext
== 0) {
1791 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1795 if (!CIFSSMBQFSUnixInfo(xid
, tcon
)) {
1796 __u64 cap
= le64_to_cpu(tcon
->fsUnixInfo
.Capability
);
1798 /* check for reconnect case in which we do not
1799 want to change the mount behavior if we can avoid it */
1800 if (vol_info
== NULL
) {
1801 /* turn off POSIX ACL and PATHNAMES if not set
1802 originally at mount time */
1803 if ((saved_cap
& CIFS_UNIX_POSIX_ACL_CAP
) == 0)
1804 cap
&= ~CIFS_UNIX_POSIX_ACL_CAP
;
1805 if ((saved_cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) == 0) {
1806 if (cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
)
1807 cERROR(1, ("POSIXPATH support change"));
1808 cap
&= ~CIFS_UNIX_POSIX_PATHNAMES_CAP
;
1809 } else if ((cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) == 0) {
1810 cERROR(1, ("possible reconnect error"));
1812 ("server disabled POSIX path support"));
1816 cap
&= CIFS_UNIX_CAP_MASK
;
1817 if (vol_info
&& vol_info
->no_psx_acl
)
1818 cap
&= ~CIFS_UNIX_POSIX_ACL_CAP
;
1819 else if (CIFS_UNIX_POSIX_ACL_CAP
& cap
) {
1820 cFYI(1, ("negotiated posix acl support"));
1822 sb
->s_flags
|= MS_POSIXACL
;
1825 if (vol_info
&& vol_info
->posix_paths
== 0)
1826 cap
&= ~CIFS_UNIX_POSIX_PATHNAMES_CAP
;
1827 else if (cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) {
1828 cFYI(1, ("negotiate posix pathnames"));
1830 CIFS_SB(sb
)->mnt_cifs_flags
|=
1831 CIFS_MOUNT_POSIX_PATHS
;
1834 /* We might be setting the path sep back to a different
1835 form if we are reconnecting and the server switched its
1836 posix path capability for this share */
1837 if (sb
&& (CIFS_SB(sb
)->prepathlen
> 0))
1838 CIFS_SB(sb
)->prepath
[0] = CIFS_DIR_SEP(CIFS_SB(sb
));
1840 if (sb
&& (CIFS_SB(sb
)->rsize
> 127 * 1024)) {
1841 if ((cap
& CIFS_UNIX_LARGE_READ_CAP
) == 0) {
1842 CIFS_SB(sb
)->rsize
= 127 * 1024;
1844 ("larger reads not supported by srv"));
1849 cFYI(1, ("Negotiate caps 0x%x", (int)cap
));
1850 #ifdef CONFIG_CIFS_DEBUG2
1851 if (cap
& CIFS_UNIX_FCNTL_CAP
)
1852 cFYI(1, ("FCNTL cap"));
1853 if (cap
& CIFS_UNIX_EXTATTR_CAP
)
1854 cFYI(1, ("EXTATTR cap"));
1855 if (cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
)
1856 cFYI(1, ("POSIX path cap"));
1857 if (cap
& CIFS_UNIX_XATTR_CAP
)
1858 cFYI(1, ("XATTR cap"));
1859 if (cap
& CIFS_UNIX_POSIX_ACL_CAP
)
1860 cFYI(1, ("POSIX ACL cap"));
1861 if (cap
& CIFS_UNIX_LARGE_READ_CAP
)
1862 cFYI(1, ("very large read cap"));
1863 if (cap
& CIFS_UNIX_LARGE_WRITE_CAP
)
1864 cFYI(1, ("very large write cap"));
1865 #endif /* CIFS_DEBUG2 */
1866 if (CIFSSMBSetFSUnixInfo(xid
, tcon
, cap
)) {
1867 if (vol_info
== NULL
) {
1868 cFYI(1, ("resetting capabilities failed"));
1870 cERROR(1, ("Negotiating Unix capabilities "
1871 "with the server failed. Consider "
1872 "mounting with the Unix Extensions\n"
1873 "disabled, if problems are found, "
1874 "by specifying the nounix mount "
1882 convert_delimiter(char *path
, char delim
)
1895 for (i
= 0; path
[i
] != '\0'; i
++) {
1896 if (path
[i
] == old_delim
)
1901 static void setup_cifs_sb(struct smb_vol
*pvolume_info
,
1902 struct cifs_sb_info
*cifs_sb
)
1904 if (pvolume_info
->rsize
> CIFSMaxBufSize
) {
1905 cERROR(1, ("rsize %d too large, using MaxBufSize",
1906 pvolume_info
->rsize
));
1907 cifs_sb
->rsize
= CIFSMaxBufSize
;
1908 } else if ((pvolume_info
->rsize
) &&
1909 (pvolume_info
->rsize
<= CIFSMaxBufSize
))
1910 cifs_sb
->rsize
= pvolume_info
->rsize
;
1912 cifs_sb
->rsize
= CIFSMaxBufSize
;
1914 if (pvolume_info
->wsize
> PAGEVEC_SIZE
* PAGE_CACHE_SIZE
) {
1915 cERROR(1, ("wsize %d too large, using 4096 instead",
1916 pvolume_info
->wsize
));
1917 cifs_sb
->wsize
= 4096;
1918 } else if (pvolume_info
->wsize
)
1919 cifs_sb
->wsize
= pvolume_info
->wsize
;
1921 cifs_sb
->wsize
= min_t(const int,
1922 PAGEVEC_SIZE
* PAGE_CACHE_SIZE
,
1924 /* old default of CIFSMaxBufSize was too small now
1925 that SMB Write2 can send multiple pages in kvec.
1926 RFC1001 does not describe what happens when frame
1927 bigger than 128K is sent so use that as max in
1928 conjunction with 52K kvec constraint on arch with 4K
1931 if (cifs_sb
->rsize
< 2048) {
1932 cifs_sb
->rsize
= 2048;
1933 /* Windows ME may prefer this */
1934 cFYI(1, ("readsize set to minimum: 2048"));
1936 /* calculate prepath */
1937 cifs_sb
->prepath
= pvolume_info
->prepath
;
1938 if (cifs_sb
->prepath
) {
1939 cifs_sb
->prepathlen
= strlen(cifs_sb
->prepath
);
1940 /* we can not convert the / to \ in the path
1941 separators in the prefixpath yet because we do not
1942 know (until reset_cifs_unix_caps is called later)
1943 whether POSIX PATH CAP is available. We normalize
1944 the / to \ after reset_cifs_unix_caps is called */
1945 pvolume_info
->prepath
= NULL
;
1947 cifs_sb
->prepathlen
= 0;
1948 cifs_sb
->mnt_uid
= pvolume_info
->linux_uid
;
1949 cifs_sb
->mnt_gid
= pvolume_info
->linux_gid
;
1950 cifs_sb
->mnt_file_mode
= pvolume_info
->file_mode
;
1951 cifs_sb
->mnt_dir_mode
= pvolume_info
->dir_mode
;
1952 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
1953 cifs_sb
->mnt_file_mode
, cifs_sb
->mnt_dir_mode
));
1955 if (pvolume_info
->noperm
)
1956 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_NO_PERM
;
1957 if (pvolume_info
->setuids
)
1958 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_SET_UID
;
1959 if (pvolume_info
->server_ino
)
1960 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_SERVER_INUM
;
1961 if (pvolume_info
->remap
)
1962 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_MAP_SPECIAL_CHR
;
1963 if (pvolume_info
->no_xattr
)
1964 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_NO_XATTR
;
1965 if (pvolume_info
->sfu_emul
)
1966 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_UNX_EMUL
;
1967 if (pvolume_info
->nobrl
)
1968 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_NO_BRL
;
1969 if (pvolume_info
->cifs_acl
)
1970 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_CIFS_ACL
;
1971 if (pvolume_info
->override_uid
)
1972 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_OVERR_UID
;
1973 if (pvolume_info
->override_gid
)
1974 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_OVERR_GID
;
1975 if (pvolume_info
->dynperm
)
1976 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_DYNPERM
;
1977 if (pvolume_info
->direct_io
) {
1978 cFYI(1, ("mounting share using direct i/o"));
1979 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_DIRECT_IO
;
1982 if ((pvolume_info
->cifs_acl
) && (pvolume_info
->dynperm
))
1983 cERROR(1, ("mount option dynperm ignored if cifsacl "
1984 "mount option supported"));
1988 cifs_mount(struct super_block
*sb
, struct cifs_sb_info
*cifs_sb
,
1989 char *mount_data
, const char *devname
)
1993 struct socket
*csocket
= NULL
;
1994 struct sockaddr addr
;
1995 struct sockaddr_in
*sin_server
= (struct sockaddr_in
*) &addr
;
1996 struct sockaddr_in6
*sin_server6
= (struct sockaddr_in6
*) &addr
;
1997 struct smb_vol volume_info
;
1998 struct cifsSesInfo
*pSesInfo
= NULL
;
1999 struct cifsTconInfo
*tcon
= NULL
;
2000 struct TCP_Server_Info
*srvTcp
= NULL
;
2004 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
2006 memset(&addr
, 0, sizeof(struct sockaddr
));
2007 memset(&volume_info
, 0, sizeof(struct smb_vol
));
2008 if (cifs_parse_mount_options(mount_data
, devname
, &volume_info
)) {
2013 if (volume_info
.nullauth
) {
2014 cFYI(1, ("null user"));
2015 volume_info
.username
= "";
2016 } else if (volume_info
.username
) {
2017 /* BB fixme parse for domain name here */
2018 cFYI(1, ("Username: %s", volume_info
.username
));
2020 cifserror("No username specified");
2021 /* In userspace mount helper we can get user name from alternate
2022 locations such as env variables and files on disk */
2027 if (volume_info
.UNCip
&& volume_info
.UNC
) {
2028 rc
= cifs_inet_pton(AF_INET
, volume_info
.UNCip
,
2029 &sin_server
->sin_addr
.s_addr
);
2032 /* not ipv4 address, try ipv6 */
2033 rc
= cifs_inet_pton(AF_INET6
, volume_info
.UNCip
,
2034 &sin_server6
->sin6_addr
.in6_u
);
2036 addr
.sa_family
= AF_INET6
;
2038 addr
.sa_family
= AF_INET
;
2042 /* we failed translating address */
2047 cFYI(1, ("UNC: %s ip: %s", volume_info
.UNC
, volume_info
.UNCip
));
2050 } else if (volume_info
.UNCip
) {
2051 /* BB using ip addr as server name to connect to the
2053 cERROR(1, ("Connecting to DFS root not implemented yet"));
2056 } else /* which servers DFS root would we conect to */ {
2058 ("CIFS mount error: No UNC path (e.g. -o "
2059 "unc=//192.168.1.100/public) specified"));
2064 /* this is needed for ASCII cp to Unicode converts */
2065 if (volume_info
.iocharset
== NULL
) {
2066 cifs_sb
->local_nls
= load_nls_default();
2067 /* load_nls_default can not return null */
2069 cifs_sb
->local_nls
= load_nls(volume_info
.iocharset
);
2070 if (cifs_sb
->local_nls
== NULL
) {
2071 cERROR(1, ("CIFS mount error: iocharset %s not found",
2072 volume_info
.iocharset
));
2078 srvTcp
= cifs_find_tcp_session(&addr
);
2080 cFYI(1, ("Existing tcp session with server found"));
2081 } else { /* create socket */
2082 if (addr
.sa_family
== AF_INET6
) {
2083 cFYI(1, ("attempting ipv6 connect"));
2084 /* BB should we allow ipv6 on port 139? */
2085 /* other OS never observed in Wild doing 139 with v6 */
2086 sin_server6
->sin6_port
= htons(volume_info
.port
);
2087 rc
= ipv6_connect(sin_server6
, &csocket
,
2088 volume_info
.noblocksnd
);
2090 sin_server
->sin_port
= htons(volume_info
.port
);
2091 rc
= ipv4_connect(sin_server
, &csocket
,
2092 volume_info
.source_rfc1001_name
,
2093 volume_info
.target_rfc1001_name
,
2094 volume_info
.noblocksnd
,
2095 volume_info
.noautotune
);
2098 cERROR(1, ("Error connecting to socket. "
2099 "Aborting operation"));
2100 if (csocket
!= NULL
)
2101 sock_release(csocket
);
2105 srvTcp
= kzalloc(sizeof(struct TCP_Server_Info
), GFP_KERNEL
);
2108 sock_release(csocket
);
2111 srvTcp
->noblocksnd
= volume_info
.noblocksnd
;
2112 srvTcp
->noautotune
= volume_info
.noautotune
;
2113 if (addr
.sa_family
== AF_INET6
)
2114 memcpy(&srvTcp
->addr
.sockAddr6
, sin_server6
,
2115 sizeof(struct sockaddr_in6
));
2117 memcpy(&srvTcp
->addr
.sockAddr
, sin_server
,
2118 sizeof(struct sockaddr_in
));
2119 atomic_set(&srvTcp
->inFlight
, 0);
2120 /* BB Add code for ipv6 case too */
2121 srvTcp
->ssocket
= csocket
;
2122 srvTcp
->hostname
= extract_hostname(volume_info
.UNC
);
2123 if (IS_ERR(srvTcp
->hostname
)) {
2124 rc
= PTR_ERR(srvTcp
->hostname
);
2125 sock_release(csocket
);
2128 init_waitqueue_head(&srvTcp
->response_q
);
2129 init_waitqueue_head(&srvTcp
->request_q
);
2130 INIT_LIST_HEAD(&srvTcp
->pending_mid_q
);
2131 /* at this point we are the only ones with the pointer
2132 to the struct since the kernel thread not created yet
2133 so no need to spinlock this init of tcpStatus */
2134 srvTcp
->tcpStatus
= CifsNew
;
2135 init_MUTEX(&srvTcp
->tcpSem
);
2136 srvTcp
->tsk
= kthread_run((void *)(void *)cifs_demultiplex_thread
, srvTcp
, "cifsd");
2137 if (IS_ERR(srvTcp
->tsk
)) {
2138 rc
= PTR_ERR(srvTcp
->tsk
);
2139 cERROR(1, ("error %d create cifsd thread", rc
));
2141 sock_release(csocket
);
2142 kfree(srvTcp
->hostname
);
2146 memcpy(srvTcp
->workstation_RFC1001_name
,
2147 volume_info
.source_rfc1001_name
, 16);
2148 memcpy(srvTcp
->server_RFC1001_name
,
2149 volume_info
.target_rfc1001_name
, 16);
2150 srvTcp
->sequence_number
= 0;
2151 INIT_LIST_HEAD(&srvTcp
->tcp_ses_list
);
2152 INIT_LIST_HEAD(&srvTcp
->smb_ses_list
);
2153 ++srvTcp
->srv_count
;
2154 write_lock(&cifs_tcp_ses_lock
);
2155 list_add(&srvTcp
->tcp_ses_list
,
2156 &cifs_tcp_ses_list
);
2157 write_unlock(&cifs_tcp_ses_lock
);
2161 pSesInfo
= cifs_find_smb_ses(srvTcp
, volume_info
.username
);
2163 cFYI(1, ("Existing smb sess found (status=%d)",
2166 * The existing SMB session already has a reference to srvTcp,
2167 * so we can put back the extra one we got before
2169 cifs_put_tcp_session(srvTcp
);
2171 down(&pSesInfo
->sesSem
);
2172 if (pSesInfo
->need_reconnect
) {
2173 cFYI(1, ("Session needs reconnect"));
2174 rc
= cifs_setup_session(xid
, pSesInfo
,
2175 cifs_sb
->local_nls
);
2177 up(&pSesInfo
->sesSem
);
2179 cFYI(1, ("Existing smb sess not found"));
2180 pSesInfo
= sesInfoAlloc();
2181 if (pSesInfo
== NULL
) {
2183 goto mount_fail_check
;
2186 /* new SMB session uses our srvTcp ref */
2187 pSesInfo
->server
= srvTcp
;
2188 sprintf(pSesInfo
->serverName
, "%u.%u.%u.%u",
2189 NIPQUAD(sin_server
->sin_addr
.s_addr
));
2191 write_lock(&cifs_tcp_ses_lock
);
2192 list_add(&pSesInfo
->smb_ses_list
, &srvTcp
->smb_ses_list
);
2193 write_unlock(&cifs_tcp_ses_lock
);
2195 /* volume_info.password freed at unmount */
2196 if (volume_info
.password
) {
2197 pSesInfo
->password
= volume_info
.password
;
2198 /* set to NULL to prevent freeing on exit */
2199 volume_info
.password
= NULL
;
2201 if (volume_info
.username
)
2202 strncpy(pSesInfo
->userName
, volume_info
.username
,
2204 if (volume_info
.domainname
) {
2205 int len
= strlen(volume_info
.domainname
);
2206 pSesInfo
->domainName
= kmalloc(len
+ 1, GFP_KERNEL
);
2207 if (pSesInfo
->domainName
)
2208 strcpy(pSesInfo
->domainName
,
2209 volume_info
.domainname
);
2211 pSesInfo
->linux_uid
= volume_info
.linux_uid
;
2212 pSesInfo
->overrideSecFlg
= volume_info
.secFlg
;
2213 down(&pSesInfo
->sesSem
);
2215 /* BB FIXME need to pass vol->secFlgs BB */
2216 rc
= cifs_setup_session(xid
, pSesInfo
,
2217 cifs_sb
->local_nls
);
2218 up(&pSesInfo
->sesSem
);
2221 /* search for existing tcon to this server share */
2223 setup_cifs_sb(&volume_info
, cifs_sb
);
2226 cFYI(1, ("Found match on UNC path"));
2227 if (tcon
->seal
!= volume_info
.seal
)
2228 cERROR(1, ("transport encryption setting "
2229 "conflicts with existing tid"));
2231 tcon
= tconInfoAlloc();
2234 goto mount_fail_check
;
2237 /* check for null share name ie connect to dfs root */
2239 /* BB check if works for exactly length 3 strings */
2240 if ((strchr(volume_info
.UNC
+ 3, '\\') == NULL
)
2241 && (strchr(volume_info
.UNC
+ 3, '/') == NULL
)) {
2242 /* rc = connect_to_dfs_path(...) */
2243 cFYI(1, ("DFS root not supported"));
2245 goto mount_fail_check
;
2247 /* BB Do we need to wrap sesSem around
2248 * this TCon call and Unix SetFS as
2249 * we do on SessSetup and reconnect? */
2250 rc
= CIFSTCon(xid
, pSesInfo
, volume_info
.UNC
,
2251 tcon
, cifs_sb
->local_nls
);
2252 cFYI(1, ("CIFS Tcon rc = %d", rc
));
2253 if (volume_info
.nodfs
) {
2254 tcon
->Flags
&= ~SMB_SHARE_IS_IN_DFS
;
2255 cFYI(1, ("DFS disabled (%d)",
2260 goto mount_fail_check
;
2261 tcon
->seal
= volume_info
.seal
;
2264 /* we can have only one retry value for a connection
2265 to a share so for resources mounted more than once
2266 to the same server share the last value passed in
2267 for the retry flag is used */
2268 tcon
->retry
= volume_info
.retry
;
2269 tcon
->nocase
= volume_info
.nocase
;
2270 tcon
->local_lease
= volume_info
.local_lease
;
2273 if (pSesInfo
->capabilities
& CAP_LARGE_FILES
) {
2274 sb
->s_maxbytes
= (u64
) 1 << 63;
2276 sb
->s_maxbytes
= (u64
) 1 << 31; /* 2 GB */
2279 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2280 sb
->s_time_gran
= 100;
2283 /* on error free sesinfo and tcon struct if needed */
2285 /* If find_unc succeeded then rc == 0 so we can not end */
2286 /* up accidently freeing someone elses tcon struct */
2290 /* should also end up putting our tcp session ref if needed */
2292 cifs_put_smb_ses(pSesInfo
);
2294 cifs_put_tcp_session(srvTcp
);
2296 atomic_inc(&tcon
->useCount
);
2297 cifs_sb
->tcon
= tcon
;
2298 tcon
->ses
= pSesInfo
;
2300 /* do not care if following two calls succeed - informational */
2302 CIFSSMBQFSDeviceInfo(xid
, tcon
);
2303 CIFSSMBQFSAttributeInfo(xid
, tcon
);
2306 /* tell server which Unix caps we support */
2307 if (tcon
->ses
->capabilities
& CAP_UNIX
)
2308 /* reset of caps checks mount to see if unix extensions
2309 disabled for just this mount */
2310 reset_cifs_unix_caps(xid
, tcon
, sb
, &volume_info
);
2312 tcon
->unix_ext
= 0; /* server does not support them */
2314 /* convert forward to back slashes in prepath here if needed */
2315 if ((cifs_sb
->mnt_cifs_flags
& CIFS_MOUNT_POSIX_PATHS
) == 0)
2316 convert_delimiter(cifs_sb
->prepath
,
2317 CIFS_DIR_SEP(cifs_sb
));
2319 if ((tcon
->unix_ext
== 0) && (cifs_sb
->rsize
> (1024 * 127))) {
2320 cifs_sb
->rsize
= 1024 * 127;
2322 ("no very large read support, rsize now 127K"));
2324 if (!(tcon
->ses
->capabilities
& CAP_LARGE_WRITE_X
))
2325 cifs_sb
->wsize
= min(cifs_sb
->wsize
,
2326 (tcon
->ses
->server
->maxBuf
-
2327 MAX_CIFS_HDR_SIZE
));
2328 if (!(tcon
->ses
->capabilities
& CAP_LARGE_READ_X
))
2329 cifs_sb
->rsize
= min(cifs_sb
->rsize
,
2330 (tcon
->ses
->server
->maxBuf
-
2331 MAX_CIFS_HDR_SIZE
));
2334 /* volume_info.password is freed above when existing session found
2335 (in which case it is not needed anymore) but when new sesion is created
2336 the password ptr is put in the new session structure (in which case the
2337 password will be freed at unmount time) */
2339 /* zero out password before freeing */
2340 if (volume_info
.password
!= NULL
) {
2341 memset(volume_info
.password
, 0, strlen(volume_info
.password
));
2342 kfree(volume_info
.password
);
2344 kfree(volume_info
.UNC
);
2345 kfree(volume_info
.prepath
);
2351 CIFSSessSetup(unsigned int xid
, struct cifsSesInfo
*ses
,
2352 char session_key
[CIFS_SESS_KEY_SIZE
],
2353 const struct nls_table
*nls_codepage
)
2355 struct smb_hdr
*smb_buffer
;
2356 struct smb_hdr
*smb_buffer_response
;
2357 SESSION_SETUP_ANDX
*pSMB
;
2358 SESSION_SETUP_ANDX
*pSMBr
;
2363 int remaining_words
= 0;
2364 int bytes_returned
= 0;
2369 cFYI(1, ("In sesssetup"));
2372 user
= ses
->userName
;
2373 domain
= ses
->domainName
;
2374 smb_buffer
= cifs_buf_get();
2376 if (smb_buffer
== NULL
)
2379 smb_buffer_response
= smb_buffer
;
2380 pSMBr
= pSMB
= (SESSION_SETUP_ANDX
*) smb_buffer
;
2382 /* send SMBsessionSetup here */
2383 header_assemble(smb_buffer
, SMB_COM_SESSION_SETUP_ANDX
,
2384 NULL
/* no tCon exists yet */ , 13 /* wct */ );
2386 smb_buffer
->Mid
= GetNextMid(ses
->server
);
2387 pSMB
->req_no_secext
.AndXCommand
= 0xFF;
2388 pSMB
->req_no_secext
.MaxBufferSize
= cpu_to_le16(ses
->server
->maxBuf
);
2389 pSMB
->req_no_secext
.MaxMpxCount
= cpu_to_le16(ses
->server
->maxReq
);
2391 if (ses
->server
->secMode
&
2392 (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
2393 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
2395 capabilities
= CAP_LARGE_FILES
| CAP_NT_SMBS
| CAP_LEVEL_II_OPLOCKS
|
2396 CAP_LARGE_WRITE_X
| CAP_LARGE_READ_X
;
2397 if (ses
->capabilities
& CAP_UNICODE
) {
2398 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
2399 capabilities
|= CAP_UNICODE
;
2401 if (ses
->capabilities
& CAP_STATUS32
) {
2402 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
2403 capabilities
|= CAP_STATUS32
;
2405 if (ses
->capabilities
& CAP_DFS
) {
2406 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
2407 capabilities
|= CAP_DFS
;
2409 pSMB
->req_no_secext
.Capabilities
= cpu_to_le32(capabilities
);
2411 pSMB
->req_no_secext
.CaseInsensitivePasswordLength
=
2412 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
2414 pSMB
->req_no_secext
.CaseSensitivePasswordLength
=
2415 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
2416 bcc_ptr
= pByteArea(smb_buffer
);
2417 memcpy(bcc_ptr
, (char *) session_key
, CIFS_SESS_KEY_SIZE
);
2418 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
2419 memcpy(bcc_ptr
, (char *) session_key
, CIFS_SESS_KEY_SIZE
);
2420 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
2422 if (ses
->capabilities
& CAP_UNICODE
) {
2423 if ((long) bcc_ptr
% 2) { /* must be word aligned for Unicode */
2428 bytes_returned
= 0; /* skip null user */
2431 cifs_strtoUCS((__le16
*) bcc_ptr
, user
, 100,
2433 /* convert number of 16 bit words to bytes */
2434 bcc_ptr
+= 2 * bytes_returned
;
2435 bcc_ptr
+= 2; /* trailing null */
2438 cifs_strtoUCS((__le16
*) bcc_ptr
,
2439 "CIFS_LINUX_DOM", 32, nls_codepage
);
2442 cifs_strtoUCS((__le16
*) bcc_ptr
, domain
, 64,
2444 bcc_ptr
+= 2 * bytes_returned
;
2447 cifs_strtoUCS((__le16
*) bcc_ptr
, "Linux version ",
2449 bcc_ptr
+= 2 * bytes_returned
;
2451 cifs_strtoUCS((__le16
*) bcc_ptr
, utsname()->release
,
2453 bcc_ptr
+= 2 * bytes_returned
;
2456 cifs_strtoUCS((__le16
*) bcc_ptr
, CIFS_NETWORK_OPSYS
,
2458 bcc_ptr
+= 2 * bytes_returned
;
2462 strncpy(bcc_ptr
, user
, 200);
2463 bcc_ptr
+= strnlen(user
, 200);
2467 if (domain
== NULL
) {
2468 strcpy(bcc_ptr
, "CIFS_LINUX_DOM");
2469 bcc_ptr
+= strlen("CIFS_LINUX_DOM") + 1;
2471 strncpy(bcc_ptr
, domain
, 64);
2472 bcc_ptr
+= strnlen(domain
, 64);
2476 strcpy(bcc_ptr
, "Linux version ");
2477 bcc_ptr
+= strlen("Linux version ");
2478 strcpy(bcc_ptr
, utsname()->release
);
2479 bcc_ptr
+= strlen(utsname()->release
) + 1;
2480 strcpy(bcc_ptr
, CIFS_NETWORK_OPSYS
);
2481 bcc_ptr
+= strlen(CIFS_NETWORK_OPSYS
) + 1;
2483 count
= (long) bcc_ptr
- (long) pByteArea(smb_buffer
);
2484 smb_buffer
->smb_buf_length
+= count
;
2485 pSMB
->req_no_secext
.ByteCount
= cpu_to_le16(count
);
2487 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
,
2488 &bytes_returned
, CIFS_LONG_OP
);
2490 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2491 } else if ((smb_buffer_response
->WordCount
== 3)
2492 || (smb_buffer_response
->WordCount
== 4)) {
2493 __u16 action
= le16_to_cpu(pSMBr
->resp
.Action
);
2494 __u16 blob_len
= le16_to_cpu(pSMBr
->resp
.SecurityBlobLength
);
2495 if (action
& GUEST_LOGIN
)
2496 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2497 ses
->Suid
= smb_buffer_response
->Uid
; /* UID left in wire format
2499 cFYI(1, ("UID = %d ", ses
->Suid
));
2500 /* response can have either 3 or 4 word count - Samba sends 3 */
2501 bcc_ptr
= pByteArea(smb_buffer_response
);
2502 if ((pSMBr
->resp
.hdr
.WordCount
== 3)
2503 || ((pSMBr
->resp
.hdr
.WordCount
== 4)
2504 && (blob_len
< pSMBr
->resp
.ByteCount
))) {
2505 if (pSMBr
->resp
.hdr
.WordCount
== 4)
2506 bcc_ptr
+= blob_len
;
2508 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
2509 if ((long) (bcc_ptr
) % 2) {
2511 (BCC(smb_buffer_response
) - 1) / 2;
2512 /* Unicode strings must be word
2517 BCC(smb_buffer_response
) / 2;
2520 UniStrnlen((wchar_t *) bcc_ptr
,
2521 remaining_words
- 1);
2522 /* We look for obvious messed up bcc or strings in response so we do not go off
2523 the end since (at least) WIN2K and Windows XP have a major bug in not null
2524 terminating last Unicode string in response */
2526 kfree(ses
->serverOS
);
2527 ses
->serverOS
= kzalloc(2 * (len
+ 1),
2529 if (ses
->serverOS
== NULL
)
2530 goto sesssetup_nomem
;
2531 cifs_strfromUCS_le(ses
->serverOS
,
2534 bcc_ptr
+= 2 * (len
+ 1);
2535 remaining_words
-= len
+ 1;
2536 ses
->serverOS
[2 * len
] = 0;
2537 ses
->serverOS
[1 + (2 * len
)] = 0;
2538 if (remaining_words
> 0) {
2539 len
= UniStrnlen((wchar_t *)bcc_ptr
,
2541 kfree(ses
->serverNOS
);
2542 ses
->serverNOS
= kzalloc(2 * (len
+ 1),
2544 if (ses
->serverNOS
== NULL
)
2545 goto sesssetup_nomem
;
2546 cifs_strfromUCS_le(ses
->serverNOS
,
2549 bcc_ptr
+= 2 * (len
+ 1);
2550 ses
->serverNOS
[2 * len
] = 0;
2551 ses
->serverNOS
[1 + (2 * len
)] = 0;
2552 if (strncmp(ses
->serverNOS
,
2553 "NT LAN Manager 4", 16) == 0) {
2554 cFYI(1, ("NT4 server"));
2555 ses
->flags
|= CIFS_SES_NT4
;
2557 remaining_words
-= len
+ 1;
2558 if (remaining_words
> 0) {
2559 len
= UniStrnlen((wchar_t *) bcc_ptr
, remaining_words
);
2560 /* last string is not always null terminated
2561 (for e.g. for Windows XP & 2000) */
2562 if (ses
->serverDomain
)
2563 kfree(ses
->serverDomain
);
2567 if (ses
->serverDomain
== NULL
)
2568 goto sesssetup_nomem
;
2569 cifs_strfromUCS_le(ses
->serverDomain
,
2572 bcc_ptr
+= 2 * (len
+ 1);
2573 ses
->serverDomain
[2*len
] = 0;
2574 ses
->serverDomain
[1+(2*len
)] = 0;
2575 } else { /* else no more room so create
2576 dummy domain string */
2577 if (ses
->serverDomain
)
2578 kfree(ses
->serverDomain
);
2580 kzalloc(2, GFP_KERNEL
);
2582 } else { /* no room so create dummy domain
2585 /* if these kcallocs fail not much we
2586 can do, but better to not fail the
2588 kfree(ses
->serverDomain
);
2590 kzalloc(2, GFP_KERNEL
);
2591 kfree(ses
->serverNOS
);
2593 kzalloc(2, GFP_KERNEL
);
2595 } else { /* ASCII */
2596 len
= strnlen(bcc_ptr
, 1024);
2597 if (((long) bcc_ptr
+ len
) - (long)
2598 pByteArea(smb_buffer_response
)
2599 <= BCC(smb_buffer_response
)) {
2600 kfree(ses
->serverOS
);
2601 ses
->serverOS
= kzalloc(len
+ 1,
2603 if (ses
->serverOS
== NULL
)
2604 goto sesssetup_nomem
;
2605 strncpy(ses
->serverOS
, bcc_ptr
, len
);
2608 /* null terminate the string */
2612 len
= strnlen(bcc_ptr
, 1024);
2613 kfree(ses
->serverNOS
);
2614 ses
->serverNOS
= kzalloc(len
+ 1,
2616 if (ses
->serverNOS
== NULL
)
2617 goto sesssetup_nomem
;
2618 strncpy(ses
->serverNOS
, bcc_ptr
, len
);
2623 len
= strnlen(bcc_ptr
, 1024);
2624 if (ses
->serverDomain
)
2625 kfree(ses
->serverDomain
);
2626 ses
->serverDomain
= kzalloc(len
+ 1,
2628 if (ses
->serverDomain
== NULL
)
2629 goto sesssetup_nomem
;
2630 strncpy(ses
->serverDomain
, bcc_ptr
,
2637 ("Variable field of length %d "
2638 "extends beyond end of smb ",
2643 (" Security Blob Length extends beyond "
2648 (" Invalid Word count %d: ",
2649 smb_buffer_response
->WordCount
));
2652 sesssetup_nomem
: /* do not return an error on nomem for the info strings,
2653 since that could make reconnection harder, and
2654 reconnection might be needed to free memory */
2655 cifs_buf_release(smb_buffer
);
2661 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid
,
2662 struct cifsSesInfo
*ses
, bool *pNTLMv2_flag
,
2663 const struct nls_table
*nls_codepage
)
2665 struct smb_hdr
*smb_buffer
;
2666 struct smb_hdr
*smb_buffer_response
;
2667 SESSION_SETUP_ANDX
*pSMB
;
2668 SESSION_SETUP_ANDX
*pSMBr
;
2672 int remaining_words
= 0;
2673 int bytes_returned
= 0;
2675 int SecurityBlobLength
= sizeof(NEGOTIATE_MESSAGE
);
2676 PNEGOTIATE_MESSAGE SecurityBlob
;
2677 PCHALLENGE_MESSAGE SecurityBlob2
;
2678 __u32 negotiate_flags
, capabilities
;
2681 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2684 domain
= ses
->domainName
;
2685 *pNTLMv2_flag
= false;
2686 smb_buffer
= cifs_buf_get();
2687 if (smb_buffer
== NULL
) {
2690 smb_buffer_response
= smb_buffer
;
2691 pSMB
= (SESSION_SETUP_ANDX
*) smb_buffer
;
2692 pSMBr
= (SESSION_SETUP_ANDX
*) smb_buffer_response
;
2694 /* send SMBsessionSetup here */
2695 header_assemble(smb_buffer
, SMB_COM_SESSION_SETUP_ANDX
,
2696 NULL
/* no tCon exists yet */ , 12 /* wct */ );
2698 smb_buffer
->Mid
= GetNextMid(ses
->server
);
2699 pSMB
->req
.hdr
.Flags2
|= SMBFLG2_EXT_SEC
;
2700 pSMB
->req
.hdr
.Flags
|= (SMBFLG_CASELESS
| SMBFLG_CANONICAL_PATH_FORMAT
);
2702 pSMB
->req
.AndXCommand
= 0xFF;
2703 pSMB
->req
.MaxBufferSize
= cpu_to_le16(ses
->server
->maxBuf
);
2704 pSMB
->req
.MaxMpxCount
= cpu_to_le16(ses
->server
->maxReq
);
2706 if (ses
->server
->secMode
& (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
2707 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
2709 capabilities
= CAP_LARGE_FILES
| CAP_NT_SMBS
| CAP_LEVEL_II_OPLOCKS
|
2710 CAP_EXTENDED_SECURITY
;
2711 if (ses
->capabilities
& CAP_UNICODE
) {
2712 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
2713 capabilities
|= CAP_UNICODE
;
2715 if (ses
->capabilities
& CAP_STATUS32
) {
2716 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
2717 capabilities
|= CAP_STATUS32
;
2719 if (ses
->capabilities
& CAP_DFS
) {
2720 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
2721 capabilities
|= CAP_DFS
;
2723 pSMB
->req
.Capabilities
= cpu_to_le32(capabilities
);
2725 bcc_ptr
= (char *) &pSMB
->req
.SecurityBlob
;
2726 SecurityBlob
= (PNEGOTIATE_MESSAGE
) bcc_ptr
;
2727 strncpy(SecurityBlob
->Signature
, NTLMSSP_SIGNATURE
, 8);
2728 SecurityBlob
->MessageType
= NtLmNegotiate
;
2730 NTLMSSP_NEGOTIATE_UNICODE
| NTLMSSP_NEGOTIATE_OEM
|
2731 NTLMSSP_REQUEST_TARGET
| NTLMSSP_NEGOTIATE_NTLM
|
2732 NTLMSSP_NEGOTIATE_56
|
2733 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128
;
2735 negotiate_flags
|= NTLMSSP_NEGOTIATE_SIGN
;
2736 /* if (ntlmv2_support)
2737 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2738 /* setup pointers to domain name and workstation name */
2739 bcc_ptr
+= SecurityBlobLength
;
2741 SecurityBlob
->WorkstationName
.Buffer
= 0;
2742 SecurityBlob
->WorkstationName
.Length
= 0;
2743 SecurityBlob
->WorkstationName
.MaximumLength
= 0;
2745 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2746 along with username on auth request (ie the response to challenge) */
2747 SecurityBlob
->DomainName
.Buffer
= 0;
2748 SecurityBlob
->DomainName
.Length
= 0;
2749 SecurityBlob
->DomainName
.MaximumLength
= 0;
2750 if (ses
->capabilities
& CAP_UNICODE
) {
2751 if ((long) bcc_ptr
% 2) {
2757 cifs_strtoUCS((__le16
*) bcc_ptr
, "Linux version ",
2759 bcc_ptr
+= 2 * bytes_returned
;
2761 cifs_strtoUCS((__le16
*) bcc_ptr
, utsname()->release
, 32,
2763 bcc_ptr
+= 2 * bytes_returned
;
2764 bcc_ptr
+= 2; /* null terminate Linux version */
2766 cifs_strtoUCS((__le16
*) bcc_ptr
, CIFS_NETWORK_OPSYS
,
2768 bcc_ptr
+= 2 * bytes_returned
;
2771 bcc_ptr
+= 2; /* null terminate network opsys string */
2774 bcc_ptr
+= 2; /* null domain */
2775 } else { /* ASCII */
2776 strcpy(bcc_ptr
, "Linux version ");
2777 bcc_ptr
+= strlen("Linux version ");
2778 strcpy(bcc_ptr
, utsname()->release
);
2779 bcc_ptr
+= strlen(utsname()->release
) + 1;
2780 strcpy(bcc_ptr
, CIFS_NETWORK_OPSYS
);
2781 bcc_ptr
+= strlen(CIFS_NETWORK_OPSYS
) + 1;
2782 bcc_ptr
++; /* empty domain field */
2785 SecurityBlob
->NegotiateFlags
= cpu_to_le32(negotiate_flags
);
2786 pSMB
->req
.SecurityBlobLength
= cpu_to_le16(SecurityBlobLength
);
2787 count
= (long) bcc_ptr
- (long) pByteArea(smb_buffer
);
2788 smb_buffer
->smb_buf_length
+= count
;
2789 pSMB
->req
.ByteCount
= cpu_to_le16(count
);
2791 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
,
2792 &bytes_returned
, CIFS_LONG_OP
);
2794 if (smb_buffer_response
->Status
.CifsError
==
2795 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED
))
2799 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2800 } else if ((smb_buffer_response
->WordCount
== 3)
2801 || (smb_buffer_response
->WordCount
== 4)) {
2802 __u16 action
= le16_to_cpu(pSMBr
->resp
.Action
);
2803 __u16 blob_len
= le16_to_cpu(pSMBr
->resp
.SecurityBlobLength
);
2805 if (action
& GUEST_LOGIN
)
2806 cFYI(1, (" Guest login"));
2807 /* Do we want to set anything in SesInfo struct when guest login? */
2809 bcc_ptr
= pByteArea(smb_buffer_response
);
2810 /* response can have either 3 or 4 word count - Samba sends 3 */
2812 SecurityBlob2
= (PCHALLENGE_MESSAGE
) bcc_ptr
;
2813 if (SecurityBlob2
->MessageType
!= NtLmChallenge
) {
2815 ("Unexpected NTLMSSP message type received %d",
2816 SecurityBlob2
->MessageType
));
2818 ses
->Suid
= smb_buffer_response
->Uid
; /* UID left in le format */
2819 cFYI(1, ("UID = %d", ses
->Suid
));
2820 if ((pSMBr
->resp
.hdr
.WordCount
== 3)
2821 || ((pSMBr
->resp
.hdr
.WordCount
== 4)
2823 pSMBr
->resp
.ByteCount
))) {
2825 if (pSMBr
->resp
.hdr
.WordCount
== 4) {
2826 bcc_ptr
+= blob_len
;
2827 cFYI(1, ("Security Blob Length %d",
2831 cFYI(1, ("NTLMSSP Challenge rcvd"));
2833 memcpy(ses
->server
->cryptKey
,
2834 SecurityBlob2
->Challenge
,
2835 CIFS_CRYPTO_KEY_SIZE
);
2836 if (SecurityBlob2
->NegotiateFlags
&
2837 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2
))
2838 *pNTLMv2_flag
= true;
2840 if ((SecurityBlob2
->NegotiateFlags
&
2841 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN
))
2842 || (sign_CIFS_PDUs
> 1))
2843 ses
->server
->secMode
|=
2844 SECMODE_SIGN_REQUIRED
;
2845 if ((SecurityBlob2
->NegotiateFlags
&
2846 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN
)) && (sign_CIFS_PDUs
))
2847 ses
->server
->secMode
|=
2848 SECMODE_SIGN_ENABLED
;
2850 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
2851 if ((long) (bcc_ptr
) % 2) {
2853 (BCC(smb_buffer_response
)
2855 /* Must word align unicode strings */
2860 (smb_buffer_response
) / 2;
2863 UniStrnlen((wchar_t *) bcc_ptr
,
2864 remaining_words
- 1);
2865 /* We look for obvious messed up bcc or strings in response so we do not go off
2866 the end since (at least) WIN2K and Windows XP have a major bug in not null
2867 terminating last Unicode string in response */
2869 kfree(ses
->serverOS
);
2871 kzalloc(2 * (len
+ 1), GFP_KERNEL
);
2872 cifs_strfromUCS_le(ses
->serverOS
,
2876 bcc_ptr
+= 2 * (len
+ 1);
2877 remaining_words
-= len
+ 1;
2878 ses
->serverOS
[2 * len
] = 0;
2879 ses
->serverOS
[1 + (2 * len
)] = 0;
2880 if (remaining_words
> 0) {
2881 len
= UniStrnlen((wchar_t *)
2885 kfree(ses
->serverNOS
);
2887 kzalloc(2 * (len
+ 1),
2889 cifs_strfromUCS_le(ses
->
2895 bcc_ptr
+= 2 * (len
+ 1);
2896 ses
->serverNOS
[2 * len
] = 0;
2899 remaining_words
-= len
+ 1;
2900 if (remaining_words
> 0) {
2901 len
= UniStrnlen((wchar_t *) bcc_ptr
, remaining_words
);
2902 /* last string not always null terminated
2903 (for e.g. for Windows XP & 2000) */
2904 kfree(ses
->serverDomain
);
2916 ses
->serverDomain
[2*len
]
2921 } /* else no more room so create dummy domain string */
2923 kfree(ses
->serverDomain
);
2928 } else { /* no room so create dummy domain and NOS string */
2929 kfree(ses
->serverDomain
);
2931 kzalloc(2, GFP_KERNEL
);
2932 kfree(ses
->serverNOS
);
2934 kzalloc(2, GFP_KERNEL
);
2936 } else { /* ASCII */
2937 len
= strnlen(bcc_ptr
, 1024);
2938 if (((long) bcc_ptr
+ len
) - (long)
2939 pByteArea(smb_buffer_response
)
2940 <= BCC(smb_buffer_response
)) {
2942 kfree(ses
->serverOS
);
2946 strncpy(ses
->serverOS
,
2950 bcc_ptr
[0] = 0; /* null terminate string */
2953 len
= strnlen(bcc_ptr
, 1024);
2954 kfree(ses
->serverNOS
);
2958 strncpy(ses
->serverNOS
, bcc_ptr
, len
);
2963 len
= strnlen(bcc_ptr
, 1024);
2964 kfree(ses
->serverDomain
);
2968 strncpy(ses
->serverDomain
,
2975 ("field of length %d "
2976 "extends beyond end of smb",
2980 cERROR(1, ("Security Blob Length extends beyond"
2984 cERROR(1, ("No session structure passed in."));
2988 (" Invalid Word count %d:",
2989 smb_buffer_response
->WordCount
));
2993 cifs_buf_release(smb_buffer
);
2998 CIFSNTLMSSPAuthSessSetup(unsigned int xid
, struct cifsSesInfo
*ses
,
2999 char *ntlm_session_key
, bool ntlmv2_flag
,
3000 const struct nls_table
*nls_codepage
)
3002 struct smb_hdr
*smb_buffer
;
3003 struct smb_hdr
*smb_buffer_response
;
3004 SESSION_SETUP_ANDX
*pSMB
;
3005 SESSION_SETUP_ANDX
*pSMBr
;
3010 int remaining_words
= 0;
3011 int bytes_returned
= 0;
3013 int SecurityBlobLength
= sizeof(AUTHENTICATE_MESSAGE
);
3014 PAUTHENTICATE_MESSAGE SecurityBlob
;
3015 __u32 negotiate_flags
, capabilities
;
3018 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3021 user
= ses
->userName
;
3022 domain
= ses
->domainName
;
3023 smb_buffer
= cifs_buf_get();
3024 if (smb_buffer
== NULL
) {
3027 smb_buffer_response
= smb_buffer
;
3028 pSMB
= (SESSION_SETUP_ANDX
*)smb_buffer
;
3029 pSMBr
= (SESSION_SETUP_ANDX
*)smb_buffer_response
;
3031 /* send SMBsessionSetup here */
3032 header_assemble(smb_buffer
, SMB_COM_SESSION_SETUP_ANDX
,
3033 NULL
/* no tCon exists yet */ , 12 /* wct */ );
3035 smb_buffer
->Mid
= GetNextMid(ses
->server
);
3036 pSMB
->req
.hdr
.Flags
|= (SMBFLG_CASELESS
| SMBFLG_CANONICAL_PATH_FORMAT
);
3037 pSMB
->req
.hdr
.Flags2
|= SMBFLG2_EXT_SEC
;
3038 pSMB
->req
.AndXCommand
= 0xFF;
3039 pSMB
->req
.MaxBufferSize
= cpu_to_le16(ses
->server
->maxBuf
);
3040 pSMB
->req
.MaxMpxCount
= cpu_to_le16(ses
->server
->maxReq
);
3042 pSMB
->req
.hdr
.Uid
= ses
->Suid
;
3044 if (ses
->server
->secMode
& (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
3045 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
3047 capabilities
= CAP_LARGE_FILES
| CAP_NT_SMBS
| CAP_LEVEL_II_OPLOCKS
|
3048 CAP_EXTENDED_SECURITY
;
3049 if (ses
->capabilities
& CAP_UNICODE
) {
3050 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
3051 capabilities
|= CAP_UNICODE
;
3053 if (ses
->capabilities
& CAP_STATUS32
) {
3054 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
3055 capabilities
|= CAP_STATUS32
;
3057 if (ses
->capabilities
& CAP_DFS
) {
3058 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
3059 capabilities
|= CAP_DFS
;
3061 pSMB
->req
.Capabilities
= cpu_to_le32(capabilities
);
3063 bcc_ptr
= (char *)&pSMB
->req
.SecurityBlob
;
3064 SecurityBlob
= (PAUTHENTICATE_MESSAGE
)bcc_ptr
;
3065 strncpy(SecurityBlob
->Signature
, NTLMSSP_SIGNATURE
, 8);
3066 SecurityBlob
->MessageType
= NtLmAuthenticate
;
3067 bcc_ptr
+= SecurityBlobLength
;
3068 negotiate_flags
= NTLMSSP_NEGOTIATE_UNICODE
| NTLMSSP_REQUEST_TARGET
|
3069 NTLMSSP_NEGOTIATE_NTLM
| NTLMSSP_NEGOTIATE_TARGET_INFO
|
3070 0x80000000 | NTLMSSP_NEGOTIATE_128
;
3072 negotiate_flags
|= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN
;
3074 negotiate_flags
|= NTLMSSP_NEGOTIATE_NTLMV2
;
3076 /* setup pointers to domain name and workstation name */
3078 SecurityBlob
->WorkstationName
.Buffer
= 0;
3079 SecurityBlob
->WorkstationName
.Length
= 0;
3080 SecurityBlob
->WorkstationName
.MaximumLength
= 0;
3081 SecurityBlob
->SessionKey
.Length
= 0;
3082 SecurityBlob
->SessionKey
.MaximumLength
= 0;
3083 SecurityBlob
->SessionKey
.Buffer
= 0;
3085 SecurityBlob
->LmChallengeResponse
.Length
= 0;
3086 SecurityBlob
->LmChallengeResponse
.MaximumLength
= 0;
3087 SecurityBlob
->LmChallengeResponse
.Buffer
= 0;
3089 SecurityBlob
->NtChallengeResponse
.Length
=
3090 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
3091 SecurityBlob
->NtChallengeResponse
.MaximumLength
=
3092 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
3093 memcpy(bcc_ptr
, ntlm_session_key
, CIFS_SESS_KEY_SIZE
);
3094 SecurityBlob
->NtChallengeResponse
.Buffer
=
3095 cpu_to_le32(SecurityBlobLength
);
3096 SecurityBlobLength
+= CIFS_SESS_KEY_SIZE
;
3097 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
3099 if (ses
->capabilities
& CAP_UNICODE
) {
3100 if (domain
== NULL
) {
3101 SecurityBlob
->DomainName
.Buffer
= 0;
3102 SecurityBlob
->DomainName
.Length
= 0;
3103 SecurityBlob
->DomainName
.MaximumLength
= 0;
3105 __u16 ln
= cifs_strtoUCS((__le16
*) bcc_ptr
, domain
, 64,
3108 SecurityBlob
->DomainName
.MaximumLength
=
3110 SecurityBlob
->DomainName
.Buffer
=
3111 cpu_to_le32(SecurityBlobLength
);
3113 SecurityBlobLength
+= ln
;
3114 SecurityBlob
->DomainName
.Length
= cpu_to_le16(ln
);
3117 SecurityBlob
->UserName
.Buffer
= 0;
3118 SecurityBlob
->UserName
.Length
= 0;
3119 SecurityBlob
->UserName
.MaximumLength
= 0;
3121 __u16 ln
= cifs_strtoUCS((__le16
*) bcc_ptr
, user
, 64,
3124 SecurityBlob
->UserName
.MaximumLength
=
3126 SecurityBlob
->UserName
.Buffer
=
3127 cpu_to_le32(SecurityBlobLength
);
3129 SecurityBlobLength
+= ln
;
3130 SecurityBlob
->UserName
.Length
= cpu_to_le16(ln
);
3133 /* SecurityBlob->WorkstationName.Length =
3134 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3135 SecurityBlob->WorkstationName.Length *= 2;
3136 SecurityBlob->WorkstationName.MaximumLength =
3137 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3138 SecurityBlob->WorkstationName.Buffer =
3139 cpu_to_le32(SecurityBlobLength);
3140 bcc_ptr += SecurityBlob->WorkstationName.Length;
3141 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3142 SecurityBlob->WorkstationName.Length =
3143 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3145 if ((long) bcc_ptr
% 2) {
3150 cifs_strtoUCS((__le16
*) bcc_ptr
, "Linux version ",
3152 bcc_ptr
+= 2 * bytes_returned
;
3154 cifs_strtoUCS((__le16
*) bcc_ptr
, utsname()->release
, 32,
3156 bcc_ptr
+= 2 * bytes_returned
;
3157 bcc_ptr
+= 2; /* null term version string */
3159 cifs_strtoUCS((__le16
*) bcc_ptr
, CIFS_NETWORK_OPSYS
,
3161 bcc_ptr
+= 2 * bytes_returned
;
3164 bcc_ptr
+= 2; /* null terminate network opsys string */
3167 bcc_ptr
+= 2; /* null domain */
3168 } else { /* ASCII */
3169 if (domain
== NULL
) {
3170 SecurityBlob
->DomainName
.Buffer
= 0;
3171 SecurityBlob
->DomainName
.Length
= 0;
3172 SecurityBlob
->DomainName
.MaximumLength
= 0;
3175 negotiate_flags
|= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
;
3176 strncpy(bcc_ptr
, domain
, 63);
3177 ln
= strnlen(domain
, 64);
3178 SecurityBlob
->DomainName
.MaximumLength
=
3180 SecurityBlob
->DomainName
.Buffer
=
3181 cpu_to_le32(SecurityBlobLength
);
3183 SecurityBlobLength
+= ln
;
3184 SecurityBlob
->DomainName
.Length
= cpu_to_le16(ln
);
3187 SecurityBlob
->UserName
.Buffer
= 0;
3188 SecurityBlob
->UserName
.Length
= 0;
3189 SecurityBlob
->UserName
.MaximumLength
= 0;
3192 strncpy(bcc_ptr
, user
, 63);
3193 ln
= strnlen(user
, 64);
3194 SecurityBlob
->UserName
.MaximumLength
= cpu_to_le16(ln
);
3195 SecurityBlob
->UserName
.Buffer
=
3196 cpu_to_le32(SecurityBlobLength
);
3198 SecurityBlobLength
+= ln
;
3199 SecurityBlob
->UserName
.Length
= cpu_to_le16(ln
);
3201 /* BB fill in our workstation name if known BB */
3203 strcpy(bcc_ptr
, "Linux version ");
3204 bcc_ptr
+= strlen("Linux version ");
3205 strcpy(bcc_ptr
, utsname()->release
);
3206 bcc_ptr
+= strlen(utsname()->release
) + 1;
3207 strcpy(bcc_ptr
, CIFS_NETWORK_OPSYS
);
3208 bcc_ptr
+= strlen(CIFS_NETWORK_OPSYS
) + 1;
3209 bcc_ptr
++; /* null domain */
3212 SecurityBlob
->NegotiateFlags
= cpu_to_le32(negotiate_flags
);
3213 pSMB
->req
.SecurityBlobLength
= cpu_to_le16(SecurityBlobLength
);
3214 count
= (long) bcc_ptr
- (long) pByteArea(smb_buffer
);
3215 smb_buffer
->smb_buf_length
+= count
;
3216 pSMB
->req
.ByteCount
= cpu_to_le16(count
);
3218 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
,
3219 &bytes_returned
, CIFS_LONG_OP
);
3221 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3222 } else if ((smb_buffer_response
->WordCount
== 3) ||
3223 (smb_buffer_response
->WordCount
== 4)) {
3224 __u16 action
= le16_to_cpu(pSMBr
->resp
.Action
);
3225 __u16 blob_len
= le16_to_cpu(pSMBr
->resp
.SecurityBlobLength
);
3226 if (action
& GUEST_LOGIN
)
3227 cFYI(1, (" Guest login")); /* BB Should we set anything
3228 in SesInfo struct ? */
3229 /* if (SecurityBlob2->MessageType != NtLm??) {
3230 cFYI("Unexpected message type on auth response is %d"));
3235 ("Check challenge UID %d vs auth response UID %d",
3236 ses
->Suid
, smb_buffer_response
->Uid
));
3237 /* UID left in wire format */
3238 ses
->Suid
= smb_buffer_response
->Uid
;
3239 bcc_ptr
= pByteArea(smb_buffer_response
);
3240 /* response can have either 3 or 4 word count - Samba sends 3 */
3241 if ((pSMBr
->resp
.hdr
.WordCount
== 3)
3242 || ((pSMBr
->resp
.hdr
.WordCount
== 4)
3244 pSMBr
->resp
.ByteCount
))) {
3245 if (pSMBr
->resp
.hdr
.WordCount
== 4) {
3249 ("Security Blob Length %d ",
3254 ("NTLMSSP response to Authenticate "));
3256 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
3257 if ((long) (bcc_ptr
) % 2) {
3259 (BCC(smb_buffer_response
)
3261 bcc_ptr
++; /* Unicode strings must be word aligned */
3263 remaining_words
= BCC(smb_buffer_response
) / 2;
3265 len
= UniStrnlen((wchar_t *) bcc_ptr
,
3266 remaining_words
- 1);
3267 /* We look for obvious messed up bcc or strings in response so we do not go off
3268 the end since (at least) WIN2K and Windows XP have a major bug in not null
3269 terminating last Unicode string in response */
3271 kfree(ses
->serverOS
);
3273 kzalloc(2 * (len
+ 1), GFP_KERNEL
);
3274 cifs_strfromUCS_le(ses
->serverOS
,
3278 bcc_ptr
+= 2 * (len
+ 1);
3279 remaining_words
-= len
+ 1;
3280 ses
->serverOS
[2 * len
] = 0;
3281 ses
->serverOS
[1 + (2 * len
)] = 0;
3282 if (remaining_words
> 0) {
3283 len
= UniStrnlen((wchar_t *)
3287 kfree(ses
->serverNOS
);
3289 kzalloc(2 * (len
+ 1),
3291 cifs_strfromUCS_le(ses
->
3297 bcc_ptr
+= 2 * (len
+ 1);
3298 ses
->serverNOS
[2 * len
] = 0;
3299 ses
->serverNOS
[1+(2*len
)] = 0;
3300 remaining_words
-= len
+ 1;
3301 if (remaining_words
> 0) {
3302 len
= UniStrnlen((wchar_t *) bcc_ptr
, remaining_words
);
3303 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3304 if (ses
->serverDomain
)
3305 kfree(ses
->serverDomain
);
3330 } /* else no more room so create dummy domain string */
3332 if (ses
->serverDomain
)
3333 kfree(ses
->serverDomain
);
3334 ses
->serverDomain
= kzalloc(2,GFP_KERNEL
);
3336 } else { /* no room so create dummy domain and NOS string */
3337 if (ses
->serverDomain
)
3338 kfree(ses
->serverDomain
);
3339 ses
->serverDomain
= kzalloc(2, GFP_KERNEL
);
3340 kfree(ses
->serverNOS
);
3341 ses
->serverNOS
= kzalloc(2, GFP_KERNEL
);
3343 } else { /* ASCII */
3344 len
= strnlen(bcc_ptr
, 1024);
3345 if (((long) bcc_ptr
+ len
) -
3346 (long) pByteArea(smb_buffer_response
)
3347 <= BCC(smb_buffer_response
)) {
3349 kfree(ses
->serverOS
);
3350 ses
->serverOS
= kzalloc(len
+ 1, GFP_KERNEL
);
3351 strncpy(ses
->serverOS
,bcc_ptr
, len
);
3354 bcc_ptr
[0] = 0; /* null terminate the string */
3357 len
= strnlen(bcc_ptr
, 1024);
3358 kfree(ses
->serverNOS
);
3359 ses
->serverNOS
= kzalloc(len
+1,
3361 strncpy(ses
->serverNOS
,
3367 len
= strnlen(bcc_ptr
, 1024);
3368 if (ses
->serverDomain
)
3369 kfree(ses
->serverDomain
);
3373 strncpy(ses
->serverDomain
,
3379 cFYI(1, ("field of length %d "
3380 "extends beyond end of smb ",
3384 cERROR(1, ("Security Blob extends beyond end "
3388 cERROR(1, ("No session structure passed in."));
3391 cERROR(1, ("Invalid Word count %d: ",
3392 smb_buffer_response
->WordCount
));
3396 cifs_buf_release(smb_buffer
);
3402 CIFSTCon(unsigned int xid
, struct cifsSesInfo
*ses
,
3403 const char *tree
, struct cifsTconInfo
*tcon
,
3404 const struct nls_table
*nls_codepage
)
3406 struct smb_hdr
*smb_buffer
;
3407 struct smb_hdr
*smb_buffer_response
;
3410 unsigned char *bcc_ptr
;
3418 smb_buffer
= cifs_buf_get();
3419 if (smb_buffer
== NULL
) {
3422 smb_buffer_response
= smb_buffer
;
3424 header_assemble(smb_buffer
, SMB_COM_TREE_CONNECT_ANDX
,
3425 NULL
/*no tid */ , 4 /*wct */ );
3427 smb_buffer
->Mid
= GetNextMid(ses
->server
);
3428 smb_buffer
->Uid
= ses
->Suid
;
3429 pSMB
= (TCONX_REQ
*) smb_buffer
;
3430 pSMBr
= (TCONX_RSP
*) smb_buffer_response
;
3432 pSMB
->AndXCommand
= 0xFF;
3433 pSMB
->Flags
= cpu_to_le16(TCON_EXTENDED_SECINFO
);
3434 bcc_ptr
= &pSMB
->Password
[0];
3435 if ((ses
->server
->secMode
) & SECMODE_USER
) {
3436 pSMB
->PasswordLength
= cpu_to_le16(1); /* minimum */
3437 *bcc_ptr
= 0; /* password is null byte */
3438 bcc_ptr
++; /* skip password */
3439 /* already aligned so no need to do it below */
3441 pSMB
->PasswordLength
= cpu_to_le16(CIFS_SESS_KEY_SIZE
);
3442 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3443 specified as required (when that support is added to
3444 the vfs in the future) as only NTLM or the much
3445 weaker LANMAN (which we do not send by default) is accepted
3446 by Samba (not sure whether other servers allow
3447 NTLMv2 password here) */
3448 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3449 if ((extended_security
& CIFSSEC_MAY_LANMAN
) &&
3450 (ses
->server
->secType
== LANMAN
))
3451 calc_lanman_hash(ses
, bcc_ptr
);
3453 #endif /* CIFS_WEAK_PW_HASH */
3454 SMBNTencrypt(ses
->password
,
3455 ses
->server
->cryptKey
,
3458 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
3459 if (ses
->capabilities
& CAP_UNICODE
) {
3460 /* must align unicode strings */
3461 *bcc_ptr
= 0; /* null byte password */
3466 if (ses
->server
->secMode
&
3467 (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
3468 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
3470 if (ses
->capabilities
& CAP_STATUS32
) {
3471 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
3473 if (ses
->capabilities
& CAP_DFS
) {
3474 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
3476 if (ses
->capabilities
& CAP_UNICODE
) {
3477 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
3479 cifs_strtoUCS((__le16
*) bcc_ptr
, tree
,
3480 6 /* max utf8 char length in bytes */ *
3481 (/* server len*/ + 256 /* share len */), nls_codepage
);
3482 bcc_ptr
+= 2 * length
; /* convert num 16 bit words to bytes */
3483 bcc_ptr
+= 2; /* skip trailing null */
3484 } else { /* ASCII */
3485 strcpy(bcc_ptr
, tree
);
3486 bcc_ptr
+= strlen(tree
) + 1;
3488 strcpy(bcc_ptr
, "?????");
3489 bcc_ptr
+= strlen("?????");
3491 count
= bcc_ptr
- &pSMB
->Password
[0];
3492 pSMB
->hdr
.smb_buf_length
+= count
;
3493 pSMB
->ByteCount
= cpu_to_le16(count
);
3495 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
, &length
,
3498 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3499 /* above now done in SendReceive */
3500 if ((rc
== 0) && (tcon
!= NULL
)) {
3501 tcon
->tidStatus
= CifsGood
;
3502 tcon
->need_reconnect
= false;
3503 tcon
->tid
= smb_buffer_response
->Tid
;
3504 bcc_ptr
= pByteArea(smb_buffer_response
);
3505 length
= strnlen(bcc_ptr
, BCC(smb_buffer_response
) - 2);
3506 /* skip service field (NB: this field is always ASCII) */
3508 if ((bcc_ptr
[0] == 'I') && (bcc_ptr
[1] == 'P') &&
3509 (bcc_ptr
[2] == 'C')) {
3510 cFYI(1, ("IPC connection"));
3513 } else if (length
== 2) {
3514 if ((bcc_ptr
[0] == 'A') && (bcc_ptr
[1] == ':')) {
3515 /* the most common case */
3516 cFYI(1, ("disk share connection"));
3519 bcc_ptr
+= length
+ 1;
3520 strncpy(tcon
->treeName
, tree
, MAX_TREE_SIZE
);
3521 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
3522 length
= UniStrnlen((wchar_t *) bcc_ptr
, 512);
3523 if ((bcc_ptr
+ (2 * length
)) -
3524 pByteArea(smb_buffer_response
) <=
3525 BCC(smb_buffer_response
)) {
3526 kfree(tcon
->nativeFileSystem
);
3527 tcon
->nativeFileSystem
=
3528 kzalloc(length
+ 2, GFP_KERNEL
);
3529 if (tcon
->nativeFileSystem
)
3531 tcon
->nativeFileSystem
,
3533 length
, nls_codepage
);
3534 bcc_ptr
+= 2 * length
;
3535 bcc_ptr
[0] = 0; /* null terminate the string */
3539 /* else do not bother copying these information fields*/
3541 length
= strnlen(bcc_ptr
, 1024);
3542 if ((bcc_ptr
+ length
) -
3543 pByteArea(smb_buffer_response
) <=
3544 BCC(smb_buffer_response
)) {
3545 kfree(tcon
->nativeFileSystem
);
3546 tcon
->nativeFileSystem
=
3547 kzalloc(length
+ 1, GFP_KERNEL
);
3548 if (tcon
->nativeFileSystem
)
3549 strncpy(tcon
->nativeFileSystem
, bcc_ptr
,
3552 /* else do not bother copying these information fields*/
3554 if ((smb_buffer_response
->WordCount
== 3) ||
3555 (smb_buffer_response
->WordCount
== 7))
3556 /* field is in same location */
3557 tcon
->Flags
= le16_to_cpu(pSMBr
->OptionalSupport
);
3560 cFYI(1, ("Tcon flags: 0x%x ", tcon
->Flags
));
3561 } else if ((rc
== 0) && tcon
== NULL
) {
3562 /* all we need to save for IPC$ connection */
3563 ses
->ipc_tid
= smb_buffer_response
->Tid
;
3566 cifs_buf_release(smb_buffer
);
3571 cifs_umount(struct super_block
*sb
, struct cifs_sb_info
*cifs_sb
)
3575 struct cifsSesInfo
*ses
= NULL
;
3580 if (cifs_sb
->tcon
) {
3581 ses
= cifs_sb
->tcon
->ses
; /* save ptr to ses before delete tcon!*/
3582 rc
= CIFSSMBTDis(xid
, cifs_sb
->tcon
);
3587 DeleteTconOplockQEntries(cifs_sb
->tcon
);
3588 tconInfoFree(cifs_sb
->tcon
);
3589 cifs_put_smb_ses(ses
);
3592 cifs_sb
->tcon
= NULL
;
3593 tmp
= cifs_sb
->prepath
;
3594 cifs_sb
->prepathlen
= 0;
3595 cifs_sb
->prepath
= NULL
;
3602 int cifs_setup_session(unsigned int xid
, struct cifsSesInfo
*pSesInfo
,
3603 struct nls_table
*nls_info
)
3606 char ntlm_session_key
[CIFS_SESS_KEY_SIZE
];
3607 bool ntlmv2_flag
= false;
3609 struct TCP_Server_Info
*server
= pSesInfo
->server
;
3611 /* what if server changes its buffer size after dropping the session? */
3612 if (server
->maxBuf
== 0) /* no need to send on reconnect */ {
3613 rc
= CIFSSMBNegotiate(xid
, pSesInfo
);
3614 if (rc
== -EAGAIN
) {
3615 /* retry only once on 1st time connection */
3616 rc
= CIFSSMBNegotiate(xid
, pSesInfo
);
3621 spin_lock(&GlobalMid_Lock
);
3622 if (server
->tcpStatus
!= CifsExiting
)
3623 server
->tcpStatus
= CifsGood
;
3626 spin_unlock(&GlobalMid_Lock
);
3635 pSesInfo
->flags
= 0;
3636 pSesInfo
->capabilities
= server
->capabilities
;
3637 if (linuxExtEnabled
== 0)
3638 pSesInfo
->capabilities
&= (~CAP_UNIX
);
3639 /* pSesInfo->sequence_number = 0;*/
3640 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3641 server
->secMode
, server
->capabilities
, server
->timeAdj
));
3643 if (experimEnabled
< 2)
3644 rc
= CIFS_SessSetup(xid
, pSesInfo
, first_time
, nls_info
);
3645 else if (extended_security
3646 && (pSesInfo
->capabilities
& CAP_EXTENDED_SECURITY
)
3647 && (server
->secType
== NTLMSSP
)) {
3649 } else if (extended_security
3650 && (pSesInfo
->capabilities
& CAP_EXTENDED_SECURITY
)
3651 && (server
->secType
== RawNTLMSSP
)) {
3652 cFYI(1, ("NTLMSSP sesssetup"));
3653 rc
= CIFSNTLMSSPNegotiateSessSetup(xid
, pSesInfo
, &ntlmv2_flag
,
3658 cFYI(1, ("more secure NTLM ver2 hash"));
3659 if (CalcNTLMv2_partial_mac_key(pSesInfo
,
3664 v2_response
= kmalloc(16 + 64 /* blob*/,
3667 CalcNTLMv2_response(pSesInfo
,
3670 cifs_calculate_ntlmv2_mac_key */
3672 /* BB Put dummy sig in SessSetup PDU? */
3679 SMBNTencrypt(pSesInfo
->password
,
3684 cifs_calculate_mac_key(
3685 &server
->mac_signing_key
,
3687 pSesInfo
->password
);
3689 /* for better security the weaker lanman hash not sent
3690 in AuthSessSetup so we no longer calculate it */
3692 rc
= CIFSNTLMSSPAuthSessSetup(xid
, pSesInfo
,
3697 } else { /* old style NTLM 0.12 session setup */
3698 SMBNTencrypt(pSesInfo
->password
, server
->cryptKey
,
3702 cifs_calculate_mac_key(&server
->mac_signing_key
,
3704 pSesInfo
->password
);
3706 rc
= CIFSSessSetup(xid
, pSesInfo
, ntlm_session_key
, nls_info
);
3709 cERROR(1, ("Send error in SessSetup = %d", rc
));
3711 cFYI(1, ("CIFS Session Established successfully"));
3712 spin_lock(&GlobalMid_Lock
);
3713 pSesInfo
->status
= CifsGood
;
3714 pSesInfo
->need_reconnect
= false;
3715 spin_unlock(&GlobalMid_Lock
);